]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/blame - security/smack/smack_lsm.c
projects / mirror_ubuntu-artful-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Revert "UBUNTU: SAUCE: LSM stacking: LSM: Infrastructure management of the remaining...
[mirror_ubuntu-artful-kernel.git] / security / smack / smack_lsm.c
CommitLineData
e114e473
CS		 1/*
2 * Simplified MAC Kernel (smack) security module
3 *
4 * This file contains the smack hook function implementations.
5 *
5c6d1125 6 * Authors:
e114e473 7 * Casey Schaufler <casey@schaufler-ca.com>
84088ba2 8 * Jarkko Sakkinen <jarkko.sakkinen@intel.com>
e114e473
CS		 9 *
10 * Copyright (C) 2007 Casey Schaufler <casey@schaufler-ca.com>
07feee8f 11 * Copyright (C) 2009 Hewlett-Packard Development Company, L.P.
82c21bfa 12 * Paul Moore <paul@paul-moore.com>
5c6d1125 13 * Copyright (C) 2010 Nokia Corporation
84088ba2 14 * Copyright (C) 2011 Intel Corporation.
e114e473
CS		 15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License version 2,
18 * as published by the Free Software Foundation.
19 */
20
21#include <linux/xattr.h>
22#include <linux/pagemap.h>
23#include <linux/mount.h>
24#include <linux/stat.h>
e114e473
CS		 25#include <linux/kd.h>
26#include <asm/ioctls.h>
07feee8f 27#include <linux/ip.h>
e114e473
CS		 28#include <linux/tcp.h>
29#include <linux/udp.h>
c6739443 30#include <linux/dccp.h>
5a0e3ad6 31#include <linux/slab.h>
e114e473
CS		 32#include <linux/mutex.h>
33#include <linux/pipe_fs_i.h>
e114e473 34#include <net/cipso_ipv4.h>
c6739443
CS		 35#include <net/ip.h>
36#include <net/ipv6.h>
d20bdda6 37#include <linux/audit.h>
1fd7317d 38#include <linux/magic.h>
2a7dba39 39#include <linux/dcache.h>
16014d87 40#include <linux/personality.h>
40401530
AV		 41#include <linux/msg.h>
42#include <linux/shm.h>
43#include <linux/binfmts.h>
3bf2789c 44#include <linux/parser.h>
e114e473
CS		 45#include "smack.h"
46
5c6d1125
JS		 47#define TRANS_TRUE "TRUE"
48#define TRANS_TRUE_SIZE 4
49
c6739443
CS		 50#define SMK_CONNECTING 0
51#define SMK_RECEIVING 1
52#define SMK_SENDING 2
53
21abb1ec 54#ifdef SMACK_IPV6_PORT_LABELING
3c7ce342 55DEFINE_MUTEX(smack_ipv6_lock);
8b549ef4 56static LIST_HEAD(smk_ipv6_port_list);
21abb1ec 57#endif
1a5b472b 58static struct kmem_cache *smack_inode_cache;
69f287ae 59int smack_enabled;
c6739443 60
3d04c924 61static const match_table_t smk_mount_tokens = {
3bf2789c
VT		 62 {Opt_fsdefault, SMK_FSDEFAULT "%s"},
63 {Opt_fsfloor, SMK_FSFLOOR "%s"},
64 {Opt_fshat, SMK_FSHAT "%s"},
65 {Opt_fsroot, SMK_FSROOT "%s"},
66 {Opt_fstransmute, SMK_FSTRANS "%s"},
67 {Opt_error, NULL},
68};
69
3d04c924
CS		 70#ifdef CONFIG_SECURITY_SMACK_BRINGUP
71static char *smk_bu_mess[] = {
72 "Bringup Error", /* Unused */
73 "Bringup", /* SMACK_BRINGUP_ALLOW */
74 "Unconfined Subject", /* SMACK_UNCONFINED_SUBJECT */
75 "Unconfined Object", /* SMACK_UNCONFINED_OBJECT */
76};
77
d166c802
CS		 78static void smk_bu_mode(int mode, char *s)
79{
80 int i = 0;
81
82 if (mode & MAY_READ)
83 s[i++] = 'r';
84 if (mode & MAY_WRITE)
85 s[i++] = 'w';
86 if (mode & MAY_EXEC)
87 s[i++] = 'x';
88 if (mode & MAY_APPEND)
89 s[i++] = 'a';
90 if (mode & MAY_TRANSMUTE)
91 s[i++] = 't';
92 if (mode & MAY_LOCK)
93 s[i++] = 'l';
94 if (i == 0)
95 s[i++] = '-';
96 s[i] = '\0';
97}
98#endif
99
100#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 101static int smk_bu_note(char *note, struct smack_known *sskp,
102 struct smack_known *oskp, int mode, int rc)
d166c802
CS		 103{
104 char acc[SMK_NUM_ACCESS_TYPE + 1];
105
106 if (rc <= 0)
107 return rc;
bf4b2fee
CS		 108 if (rc > SMACK_UNCONFINED_OBJECT)
109 rc = 0;
d166c802
CS		 110
111 smk_bu_mode(mode, acc);
bf4b2fee 112 pr_info("Smack %s: (%s %s %s) %s\n", smk_bu_mess[rc],
21c7eae2 113 sskp->smk_known, oskp->smk_known, acc, note);
d166c802
CS		 114 return 0;
115}
116#else
21c7eae2 117#define smk_bu_note(note, sskp, oskp, mode, RC) (RC)
d166c802
CS		 118#endif
119
120#ifdef CONFIG_SECURITY_SMACK_BRINGUP
21c7eae2
LP		 121static int smk_bu_current(char *note, struct smack_known *oskp,
122 int mode, int rc)
d166c802 123{
98738d70 124 struct task_smack *tsp = smack_cred(current_cred());
d166c802
CS		 125 char acc[SMK_NUM_ACCESS_TYPE + 1];
126
127 if (rc <= 0)
128 return rc;
bf4b2fee
CS		 129 if (rc > SMACK_UNCONFINED_OBJECT)
130 rc = 0;
d166c802
CS		 131
132 smk_bu_mode(mode, acc);
bf4b2fee 133 pr_info("Smack %s: (%s %s %s) %s %s\n", smk_bu_mess[rc],
21c7eae2
LP		 134 tsp->smk_task->smk_known, oskp->smk_known,
135 acc, current->comm, note);
d166c802
CS		 136 return 0;
137}
138#else
21c7eae2 139#define smk_bu_current(note, oskp, mode, RC) (RC)
d166c802
CS		 140#endif
141
142#ifdef CONFIG_SECURITY_SMACK_BRINGUP
143static int smk_bu_task(struct task_struct *otp, int mode, int rc)
144{
98738d70 145 struct task_smack *tsp = smack_cred(current_cred());
6d1cff2a 146 struct smack_known *smk_task = smk_of_task_struct(otp);
d166c802
CS		 147 char acc[SMK_NUM_ACCESS_TYPE + 1];
148
149 if (rc <= 0)
150 return rc;
bf4b2fee
CS		 151 if (rc > SMACK_UNCONFINED_OBJECT)
152 rc = 0;
d166c802
CS		 153
154 smk_bu_mode(mode, acc);
bf4b2fee 155 pr_info("Smack %s: (%s %s %s) %s to %s\n", smk_bu_mess[rc],
6d1cff2a 156 tsp->smk_task->smk_known, smk_task->smk_known, acc,
d166c802
CS		 157 current->comm, otp->comm);
158 return 0;
159}
160#else
161#define smk_bu_task(otp, mode, RC) (RC)
162#endif
163
164#ifdef CONFIG_SECURITY_SMACK_BRINGUP
165static int smk_bu_inode(struct inode *inode, int mode, int rc)
166{
98738d70 167 struct task_smack *tsp = smack_cred(current_cred());
33132849 168 struct inode_smack *isp = inode->i_security;
d166c802
CS		 169 char acc[SMK_NUM_ACCESS_TYPE + 1];
170
bf4b2fee
CS		 171 if (isp->smk_flags & SMK_INODE_IMPURE)
172 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
173 inode->i_sb->s_id, inode->i_ino, current->comm);
174
d166c802
CS		 175 if (rc <= 0)
176 return rc;
bf4b2fee
CS		 177 if (rc > SMACK_UNCONFINED_OBJECT)
178 rc = 0;
179 if (rc == SMACK_UNCONFINED_SUBJECT &&
180 (mode & (MAY_WRITE | MAY_APPEND)))
181 isp->smk_flags |= SMK_INODE_IMPURE;
d166c802
CS		 182
183 smk_bu_mode(mode, acc);
bf4b2fee
CS		 184
185 pr_info("Smack %s: (%s %s %s) inode=(%s %ld) %s\n", smk_bu_mess[rc],
186 tsp->smk_task->smk_known, isp->smk_inode->smk_known, acc,
d166c802
CS		 187 inode->i_sb->s_id, inode->i_ino, current->comm);
188 return 0;
189}
190#else
191#define smk_bu_inode(inode, mode, RC) (RC)
192#endif
193
194#ifdef CONFIG_SECURITY_SMACK_BRINGUP
195static int smk_bu_file(struct file *file, int mode, int rc)
196{
98738d70 197 struct task_smack *tsp = smack_cred(current_cred());
d166c802 198 struct smack_known *sskp = tsp->smk_task;
5e7270a6 199 struct inode *inode = file_inode(file);
33132849 200 struct inode_smack *isp = inode->i_security;
d166c802
CS		 201 char acc[SMK_NUM_ACCESS_TYPE + 1];
202
bf4b2fee
CS		 203 if (isp->smk_flags & SMK_INODE_IMPURE)
204 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
205 inode->i_sb->s_id, inode->i_ino, current->comm);
206
d166c802
CS		 207 if (rc <= 0)
208 return rc;
bf4b2fee
CS		 209 if (rc > SMACK_UNCONFINED_OBJECT)
210 rc = 0;
d166c802
CS		 211
212 smk_bu_mode(mode, acc);
bf4b2fee 213 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
5e7270a6 214 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 215 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 216 current->comm);
217 return 0;
218}
219#else
220#define smk_bu_file(file, mode, RC) (RC)
221#endif
222
223#ifdef CONFIG_SECURITY_SMACK_BRINGUP
224static int smk_bu_credfile(const struct cred *cred, struct file *file,
225 int mode, int rc)
226{
98738d70 227 struct task_smack *tsp = smack_cred(cred);
d166c802 228 struct smack_known *sskp = tsp->smk_task;
45063097 229 struct inode *inode = file_inode(file);
33132849 230 struct inode_smack *isp = inode->i_security;
d166c802
CS		 231 char acc[SMK_NUM_ACCESS_TYPE + 1];
232
bf4b2fee
CS		 233 if (isp->smk_flags & SMK_INODE_IMPURE)
234 pr_info("Smack Unconfined Corruption: inode=(%s %ld) %s\n",
235 inode->i_sb->s_id, inode->i_ino, current->comm);
236
d166c802
CS		 237 if (rc <= 0)
238 return rc;
bf4b2fee
CS		 239 if (rc > SMACK_UNCONFINED_OBJECT)
240 rc = 0;
d166c802
CS		 241
242 smk_bu_mode(mode, acc);
bf4b2fee 243 pr_info("Smack %s: (%s %s %s) file=(%s %ld %pD) %s\n", smk_bu_mess[rc],
21c7eae2 244 sskp->smk_known, smk_of_inode(inode)->smk_known, acc,
a455589f 245 inode->i_sb->s_id, inode->i_ino, file,
d166c802
CS		 246 current->comm);
247 return 0;
248}
249#else
250#define smk_bu_credfile(cred, file, mode, RC) (RC)
251#endif
252
e114e473
CS		 253/**
254 * smk_fetch - Fetch the smack label from a file.
1a28979b 255 * @name: type of the label (attribute)
e114e473
CS		 256 * @ip: a pointer to the inode
257 * @dp: a pointer to the dentry
258 *
e774ad68
LP		 259 * Returns a pointer to the master list entry for the Smack label,
260 * NULL if there was no label to fetch, or an error code.
e114e473 261 */
2f823ff8
CS		 262static struct smack_known *smk_fetch(const char *name, struct inode *ip,
263 struct dentry *dp)
e114e473
CS		 264{
265 int rc;
f7112e6c 266 char *buffer;
2f823ff8 267 struct smack_known *skp = NULL;
e114e473 268
5d6c3191 269 if (!(ip->i_opflags & IOP_XATTR))
e774ad68 270 return ERR_PTR(-EOPNOTSUPP);
e114e473 271
f7112e6c
CS		 272 buffer = kzalloc(SMK_LONGLABEL, GFP_KERNEL);
273 if (buffer == NULL)
e774ad68 274 return ERR_PTR(-ENOMEM);
e114e473 275
5d6c3191 276 rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
e774ad68
LP		 277 if (rc < 0)
278 skp = ERR_PTR(rc);
279 else if (rc == 0)
280 skp = NULL;
281 else
2f823ff8 282 skp = smk_import_entry(buffer, rc);
f7112e6c
CS		 283
284 kfree(buffer);
285
2f823ff8 286 return skp;
e114e473
CS		 287}
288
289/**
33132849 290 * new_inode_smack - allocate an inode security blob
21c7eae2 291 * @skp: a pointer to the Smack label entry to use in the blob
e114e473 292 *
33132849 293 * Returns the new blob or NULL if there's no memory available
e114e473 294 */
33132849 295static struct inode_smack *new_inode_smack(struct smack_known *skp)
e114e473 296{
33132849
JS		 297 struct inode_smack *isp;
298
299 isp = kmem_cache_zalloc(smack_inode_cache, GFP_NOFS);
300 if (isp == NULL)
301 return NULL;
e114e473 302
21c7eae2 303 isp->smk_inode = skp;
e114e473
CS		 304 isp->smk_flags = 0;
305 mutex_init(&isp->smk_lock);
33132849
JS		 306
307 return isp;
e114e473
CS		 308}
309
7898e1f8 310/**
98738d70
CS		 311 * init_task_smack - initialize a task security blob
312 * @tsp: blob to initialize
1a28979b
LP		 313 * @task: a pointer to the Smack label for the running task
314 * @forked: a pointer to the Smack label for the forked task
7898e1f8 315 *
7898e1f8 316 */
98738d70
CS		 317static void init_task_smack(struct task_smack *tsp, struct smack_known *task,
318 struct smack_known *forked)
7898e1f8 319{
7898e1f8
CS		 320 tsp->smk_task = task;
321 tsp->smk_forked = forked;
322 INIT_LIST_HEAD(&tsp->smk_rules);
38416e53 323 INIT_LIST_HEAD(&tsp->smk_relabel);
7898e1f8 324 mutex_init(&tsp->smk_rules_lock);
7898e1f8
CS		 325}
326
327/**
328 * smk_copy_rules - copy a rule set
1a28979b
LP		 329 * @nhead: new rules header pointer
330 * @ohead: old rules header pointer
331 * @gfp: type of the memory for the allocation
7898e1f8
CS		 332 *
333 * Returns 0 on success, -ENOMEM on error
334 */
335static int smk_copy_rules(struct list_head *nhead, struct list_head *ohead,
336 gfp_t gfp)
337{
338 struct smack_rule *nrp;
339 struct smack_rule *orp;
340 int rc = 0;
341
7898e1f8
CS		 342 list_for_each_entry_rcu(orp, ohead, list) {
343 nrp = kzalloc(sizeof(struct smack_rule), gfp);
344 if (nrp == NULL) {
345 rc = -ENOMEM;
346 break;
347 }
348 *nrp = *orp;
349 list_add_rcu(&nrp->list, nhead);
350 }
351 return rc;
352}
353
38416e53
ZJ		 354/**
355 * smk_copy_relabel - copy smk_relabel labels list
356 * @nhead: new rules header pointer
357 * @ohead: old rules header pointer
358 * @gfp: type of the memory for the allocation
359 *
360 * Returns 0 on success, -ENOMEM on error
361 */
362static int smk_copy_relabel(struct list_head *nhead, struct list_head *ohead,
363 gfp_t gfp)
364{
365 struct smack_known_list_elem *nklep;
366 struct smack_known_list_elem *oklep;
367
38416e53
ZJ		 368 list_for_each_entry(oklep, ohead, list) {
369 nklep = kzalloc(sizeof(struct smack_known_list_elem), gfp);
370 if (nklep == NULL) {
371 smk_destroy_label_list(nhead);
372 return -ENOMEM;
373 }
374 nklep->smk_label = oklep->smk_label;
375 list_add(&nklep->list, nhead);
376 }
377
378 return 0;
379}
380
5663884c
LP		 381/**
382 * smk_ptrace_mode - helper function for converting PTRACE_MODE_* into MAY_*
383 * @mode - input mode in form of PTRACE_MODE_*
384 *
385 * Returns a converted MAY_* mode usable by smack rules
386 */
387static inline unsigned int smk_ptrace_mode(unsigned int mode)
388{
3dfb7d8c 389 if (mode & PTRACE_MODE_ATTACH)
5663884c 390 return MAY_READWRITE;
3dfb7d8c
JH		 391 if (mode & PTRACE_MODE_READ)
392 return MAY_READ;
5663884c
LP		 393
394 return 0;
395}
396
397/**
398 * smk_ptrace_rule_check - helper for ptrace access
399 * @tracer: tracer process
21c7eae2 400 * @tracee_known: label entry of the process that's about to be traced
5663884c
LP		 401 * @mode: ptrace attachment mode (PTRACE_MODE_*)
402 * @func: name of the function that called us, used for audit
403 *
404 * Returns 0 on access granted, -error on error
405 */
21c7eae2
LP		 406static int smk_ptrace_rule_check(struct task_struct *tracer,
407 struct smack_known *tracee_known,
5663884c
LP		 408 unsigned int mode, const char *func)
409{
410 int rc;
411 struct smk_audit_info ad, *saip = NULL;
412 struct task_smack *tsp;
21c7eae2 413 struct smack_known *tracer_known;
5663884c
LP		 414
415 if ((mode & PTRACE_MODE_NOAUDIT) == 0) {
416 smk_ad_init(&ad, func, LSM_AUDIT_DATA_TASK);
417 smk_ad_setfield_u_tsk(&ad, tracer);
418 saip = &ad;
419 }
420
6d1cff2a 421 rcu_read_lock();
98738d70 422 tsp = smack_cred(__task_cred(tracer));
21c7eae2 423 tracer_known = smk_of_task(tsp);
5663884c 424
66867818
LP		 425 if ((mode & PTRACE_MODE_ATTACH) &&
426 (smack_ptrace_rule == SMACK_PTRACE_EXACT ||
427 smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)) {
21c7eae2 428 if (tracer_known->smk_known == tracee_known->smk_known)
66867818
LP		 429 rc = 0;
430 else if (smack_ptrace_rule == SMACK_PTRACE_DRACONIAN)
431 rc = -EACCES;
432 else if (capable(CAP_SYS_PTRACE))
433 rc = 0;
434 else
435 rc = -EACCES;
436
437 if (saip)
21c7eae2
LP		 438 smack_log(tracer_known->smk_known,
439 tracee_known->smk_known,
440 0, rc, saip);
66867818 441
6d1cff2a 442 rcu_read_unlock();
66867818
LP		 443 return rc;
444 }
445
446 /* In case of rule==SMACK_PTRACE_DEFAULT or mode==PTRACE_MODE_READ */
21c7eae2 447 rc = smk_tskacc(tsp, tracee_known, smk_ptrace_mode(mode), saip);
6d1cff2a
AR		 448
449 rcu_read_unlock();
5663884c
LP		 450 return rc;
451}
452
e114e473
CS		 453/*
454 * LSM hooks.
455 * We he, that is fun!
456 */
457
458/**
9e48858f 459 * smack_ptrace_access_check - Smack approval on PTRACE_ATTACH
e114e473 460 * @ctp: child task pointer
5663884c 461 * @mode: ptrace attachment mode (PTRACE_MODE_*)
e114e473
CS		 462 *
463 * Returns 0 if access is OK, an error code otherwise
464 *
5663884c 465 * Do the capability checks.
e114e473 466 */
9e48858f 467static int smack_ptrace_access_check(struct task_struct *ctp, unsigned int mode)
e114e473 468{
2f823ff8 469 struct smack_known *skp;
e114e473 470
6d1cff2a 471 skp = smk_of_task_struct(ctp);
ecfcc53f 472
b1d9e6b0 473 return smk_ptrace_rule_check(current, skp, mode, __func__);
5cd9c58f
DH		 474}
475
476/**
477 * smack_ptrace_traceme - Smack approval on PTRACE_TRACEME
478 * @ptp: parent task pointer
479 *
480 * Returns 0 if access is OK, an error code otherwise
481 *
5663884c 482 * Do the capability checks, and require PTRACE_MODE_ATTACH.
5cd9c58f
DH		 483 */
484static int smack_ptrace_traceme(struct task_struct *ptp)
485{
486 int rc;
2f823ff8 487 struct smack_known *skp;
5cd9c58f 488
98738d70 489 skp = smk_of_task(smack_cred(current_cred()));
ecfcc53f 490
21c7eae2 491 rc = smk_ptrace_rule_check(ptp, skp, PTRACE_MODE_ATTACH, __func__);
e114e473
CS		 492 return rc;
493}
494
495/**
496 * smack_syslog - Smack approval on syslog
497 * @type: message type
498 *
e114e473
CS		 499 * Returns 0 on success, error code otherwise.
500 */
12b3052c 501static int smack_syslog(int typefrom_file)
e114e473 502{
12b3052c 503 int rc = 0;
2f823ff8 504 struct smack_known *skp = smk_of_current();
e114e473 505
1880eff7 506 if (smack_privileged(CAP_MAC_OVERRIDE))
e114e473
CS		 507 return 0;
508
24ea1b6e 509 if (smack_syslog_label != NULL && smack_syslog_label != skp)
e114e473
CS		 510 rc = -EACCES;
511
512 return rc;
513}
514
515
516/*
517 * Superblock Hooks.
518 */
519
520/**
521 * smack_sb_alloc_security - allocate a superblock blob
522 * @sb: the superblock getting the blob
523 *
524 * Returns 0 on success or -ENOMEM on error.
525 */
526static int smack_sb_alloc_security(struct super_block *sb)
527{
33132849
JS		 528 struct superblock_smack *sbsp;
529
530 sbsp = kzalloc(sizeof(struct superblock_smack), GFP_KERNEL);
531
532 if (sbsp == NULL)
533 return -ENOMEM;
e114e473 534
21c7eae2
LP		 535 sbsp->smk_root = &smack_known_floor;
536 sbsp->smk_default = &smack_known_floor;
537 sbsp->smk_floor = &smack_known_floor;
538 sbsp->smk_hat = &smack_known_hat;
e830b394 539 /*
9f50eda2 540 * SMK_SB_INITIALIZED will be zero from kzalloc.
e830b394 541 */
33132849 542 sb->s_security = sbsp;
e114e473
CS		 543
544 return 0;
545}
546
33132849
JS		 547/**
548 * smack_sb_free_security - free a superblock blob
549 * @sb: the superblock getting the blob
550 *
551 */
552static void smack_sb_free_security(struct super_block *sb)
553{
554 kfree(sb->s_security);
555 sb->s_security = NULL;
556}
557
e114e473
CS		 558/**
559 * smack_sb_copy_data - copy mount options data for processing
e114e473 560 * @orig: where to start
251a2a95 561 * @smackopts: mount options string
e114e473
CS		 562 *
563 * Returns 0 on success or -ENOMEM on error.
564 *
565 * Copy the Smack specific mount options out of the mount
566 * options list.
567 */
e0007529 568static int smack_sb_copy_data(char *orig, char *smackopts)
e114e473
CS		 569{
570 char *cp, *commap, *otheropts, *dp;
571
e114e473
CS		 572 otheropts = (char *)get_zeroed_page(GFP_KERNEL);
573 if (otheropts == NULL)
574 return -ENOMEM;
575
576 for (cp = orig, commap = orig; commap != NULL; cp = commap + 1) {
577 if (strstr(cp, SMK_FSDEFAULT) == cp)
578 dp = smackopts;
579 else if (strstr(cp, SMK_FSFLOOR) == cp)
580 dp = smackopts;
581 else if (strstr(cp, SMK_FSHAT) == cp)
582 dp = smackopts;
583 else if (strstr(cp, SMK_FSROOT) == cp)
584 dp = smackopts;
e830b394
CS		 585 else if (strstr(cp, SMK_FSTRANS) == cp)
586 dp = smackopts;
e114e473
CS		 587 else
588 dp = otheropts;
589
590 commap = strchr(cp, ',');
591 if (commap != NULL)
592 *commap = '\0';
593
594 if (*dp != '\0')
595 strcat(dp, ",");
596 strcat(dp, cp);
597 }
598
599 strcpy(orig, otheropts);
600 free_page((unsigned long)otheropts);
601
602 return 0;
603}
604
605/**
3bf2789c
VT		 606 * smack_parse_opts_str - parse Smack specific mount options
607 * @options: mount options string
608 * @opts: where to store converted mount opts
609 *
610 * Returns 0 on success or -ENOMEM on error.
611 *
612 * converts Smack specific mount options to generic security option format
613 */
614static int smack_parse_opts_str(char *options,
615 struct security_mnt_opts *opts)
616{
617 char *p;
3d04c924
CS		 618 char *fsdefault = NULL;
619 char *fsfloor = NULL;
620 char *fshat = NULL;
621 char *fsroot = NULL;
622 char *fstransmute = NULL;
623 int rc = -ENOMEM;
624 int num_mnt_opts = 0;
625 int token;
3bf2789c
VT		 626
627 opts->num_mnt_opts = 0;
628
629 if (!options)
630 return 0;
631
632 while ((p = strsep(&options, ",")) != NULL) {
3bf2789c
VT		 633 substring_t args[MAX_OPT_ARGS];
634
635 if (!*p)
636 continue;
637
3d04c924 638 token = match_token(p, smk_mount_tokens, args);
3bf2789c
VT		 639
640 switch (token) {
641 case Opt_fsdefault:
642 if (fsdefault)
643 goto out_opt_err;
644 fsdefault = match_strdup(&args[0]);
645 if (!fsdefault)
646 goto out_err;
647 break;
648 case Opt_fsfloor:
649 if (fsfloor)
650 goto out_opt_err;
651 fsfloor = match_strdup(&args[0]);
652 if (!fsfloor)
653 goto out_err;
654 break;
655 case Opt_fshat:
656 if (fshat)
657 goto out_opt_err;
658 fshat = match_strdup(&args[0]);
659 if (!fshat)
660 goto out_err;
661 break;
662 case Opt_fsroot:
663 if (fsroot)
664 goto out_opt_err;
665 fsroot = match_strdup(&args[0]);
666 if (!fsroot)
667 goto out_err;
668 break;
669 case Opt_fstransmute:
670 if (fstransmute)
671 goto out_opt_err;
672 fstransmute = match_strdup(&args[0]);
673 if (!fstransmute)
674 goto out_err;
675 break;
676 default:
677 rc = -EINVAL;
678 pr_warn("Smack: unknown mount option\n");
679 goto out_err;
680 }
681 }
682
8c15d66e 683 opts->mnt_opts = kcalloc(NUM_SMK_MNT_OPTS, sizeof(char *), GFP_KERNEL);
3bf2789c
VT		 684 if (!opts->mnt_opts)
685 goto out_err;
686
687 opts->mnt_opts_flags = kcalloc(NUM_SMK_MNT_OPTS, sizeof(int),
8c15d66e 688 GFP_KERNEL);
c3c8dc9f 689 if (!opts->mnt_opts_flags)
3bf2789c 690 goto out_err;
3bf2789c
VT		 691
692 if (fsdefault) {
693 opts->mnt_opts[num_mnt_opts] = fsdefault;
694 opts->mnt_opts_flags[num_mnt_opts++] = FSDEFAULT_MNT;
695 }
696 if (fsfloor) {
697 opts->mnt_opts[num_mnt_opts] = fsfloor;
698 opts->mnt_opts_flags[num_mnt_opts++] = FSFLOOR_MNT;
699 }
700 if (fshat) {
701 opts->mnt_opts[num_mnt_opts] = fshat;
702 opts->mnt_opts_flags[num_mnt_opts++] = FSHAT_MNT;
703 }
704 if (fsroot) {
705 opts->mnt_opts[num_mnt_opts] = fsroot;
706 opts->mnt_opts_flags[num_mnt_opts++] = FSROOT_MNT;
707 }
708 if (fstransmute) {
709 opts->mnt_opts[num_mnt_opts] = fstransmute;
710 opts->mnt_opts_flags[num_mnt_opts++] = FSTRANS_MNT;
711 }
712
713 opts->num_mnt_opts = num_mnt_opts;
714 return 0;
715
716out_opt_err:
717 rc = -EINVAL;
718 pr_warn("Smack: duplicate mount options\n");
719
720out_err:
721 kfree(fsdefault);
722 kfree(fsfloor);
723 kfree(fshat);
724 kfree(fsroot);
725 kfree(fstransmute);
726 return rc;
727}
728
729/**
730 * smack_set_mnt_opts - set Smack specific mount options
e114e473 731 * @sb: the file system superblock
3bf2789c
VT		 732 * @opts: Smack mount options
733 * @kern_flags: mount option from kernel space or user space
734 * @set_kern_flags: where to store converted mount opts
e114e473
CS		 735 *
736 * Returns 0 on success, an error code on failure
3bf2789c
VT		 737 *
738 * Allow filesystems with binary mount data to explicitly set Smack mount
739 * labels.
e114e473 740 */
3bf2789c
VT		 741static int smack_set_mnt_opts(struct super_block *sb,
742 struct security_mnt_opts *opts,
743 unsigned long kern_flags,
744 unsigned long *set_kern_flags)
e114e473
CS		 745{
746 struct dentry *root = sb->s_root;
c6f493d6 747 struct inode *inode = d_backing_inode(root);
33132849 748 struct superblock_smack *sp = sb->s_security;
e114e473 749 struct inode_smack *isp;
24ea1b6e 750 struct smack_known *skp;
3bf2789c
VT		 751 int i;
752 int num_opts = opts->num_mnt_opts;
e830b394 753 int transmute = 0;
e114e473 754
9f50eda2 755 if (sp->smk_flags & SMK_SB_INITIALIZED)
e114e473 756 return 0;
eb982cb4 757
2097f599
HS		 758 if (!smack_privileged(CAP_MAC_ADMIN)) {
759 /*
760 * Unprivileged mounts don't get to specify Smack values.
761 */
762 if (num_opts)
763 return -EPERM;
764 /*
765 * Unprivileged mounts get root and default from the caller.
766 */
767 skp = smk_of_current();
768 sp->smk_root = skp;
769 sp->smk_default = skp;
770 /*
771 * For a handful of fs types with no user-controlled
772 * backing store it's okay to trust security labels
773 * in the filesystem. The rest are untrusted.
774 */
775 if (sb->s_user_ns != &init_user_ns &&
776 sb->s_magic != SYSFS_MAGIC && sb->s_magic != TMPFS_MAGIC &&
777 sb->s_magic != RAMFS_MAGIC) {
778 transmute = 1;
779 sp->smk_flags |= SMK_SB_UNTRUSTED;
780 }
781 }
782
9f50eda2 783 sp->smk_flags |= SMK_SB_INITIALIZED;
e114e473 784
3bf2789c
VT		 785 for (i = 0; i < num_opts; i++) {
786 switch (opts->mnt_opts_flags[i]) {
787 case FSDEFAULT_MNT:
788 skp = smk_import_entry(opts->mnt_opts[i], 0);
e774ad68
LP		 789 if (IS_ERR(skp))
790 return PTR_ERR(skp);
3bf2789c
VT		 791 sp->smk_default = skp;
792 break;
793 case FSFLOOR_MNT:
794 skp = smk_import_entry(opts->mnt_opts[i], 0);
e774ad68
LP		 795 if (IS_ERR(skp))
796 return PTR_ERR(skp);
797 sp->smk_floor = skp;
3bf2789c
VT		 798 break;
799 case FSHAT_MNT:
800 skp = smk_import_entry(opts->mnt_opts[i], 0);
e774ad68
LP		 801 if (IS_ERR(skp))
802 return PTR_ERR(skp);
3bf2789c
VT		 803 sp->smk_hat = skp;
804 break;
805 case FSROOT_MNT:
806 skp = smk_import_entry(opts->mnt_opts[i], 0);
e774ad68
LP		 807 if (IS_ERR(skp))
808 return PTR_ERR(skp);
809 sp->smk_root = skp;
3bf2789c
VT		 810 break;
811 case FSTRANS_MNT:
812 skp = smk_import_entry(opts->mnt_opts[i], 0);
e774ad68
LP		 813 if (IS_ERR(skp))
814 return PTR_ERR(skp);
815 sp->smk_root = skp;
816 transmute = 1;
3bf2789c
VT		 817 break;
818 default:
819 break;
e114e473
CS		 820 }
821 }
822
823 /*
824 * Initialize the root inode.
825 */
33132849
JS		 826 isp = inode->i_security;
827 if (isp == NULL) {
828 isp = new_inode_smack(sp->smk_root);
829 if (isp == NULL)
830 return -ENOMEM;
831 inode->i_security = isp;
832 } else
833 isp->smk_inode = sp->smk_root;
e114e473 834
33132849 835 if (transmute)
e830b394
CS		 836 isp->smk_flags |= SMK_INODE_TRANSMUTE;
837
e114e473
CS		 838 return 0;
839}
840
3bf2789c
VT		 841/**
842 * smack_sb_kern_mount - Smack specific mount processing
843 * @sb: the file system superblock
844 * @flags: the mount flags
845 * @data: the smack mount options
846 *
847 * Returns 0 on success, an error code on failure
848 */
849static int smack_sb_kern_mount(struct super_block *sb, int flags, void *data)
850{
851 int rc = 0;
852 char *options = data;
853 struct security_mnt_opts opts;
854
855 security_init_mnt_opts(&opts);
856
857 if (!options)
858 goto out;
859
860 rc = smack_parse_opts_str(options, &opts);
861 if (rc)
862 goto out_err;
863
864out:
865 rc = smack_set_mnt_opts(sb, &opts, 0, NULL);
866
867out_err:
868 security_free_mnt_opts(&opts);
869 return rc;
870}
871
e114e473
CS		 872/**
873 * smack_sb_statfs - Smack check on statfs
874 * @dentry: identifies the file system in question
875 *
876 * Returns 0 if current can read the floor of the filesystem,
877 * and error code otherwise
878 */
879static int smack_sb_statfs(struct dentry *dentry)
880{
33132849 881 struct superblock_smack *sbp = dentry->d_sb->s_security;
ecfcc53f
EB		 882 int rc;
883 struct smk_audit_info ad;
884
a269434d 885 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 886 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 887
ecfcc53f 888 rc = smk_curacc(sbp->smk_floor, MAY_READ, &ad);
d166c802 889 rc = smk_bu_current("statfs", sbp->smk_floor, MAY_READ, rc);
ecfcc53f 890 return rc;
e114e473
CS		 891}
892
676dac4b
CS		 893/*
894 * BPRM hooks
895 */
896
ce8a4321
CS		 897/**
898 * smack_bprm_set_creds - set creds for exec
899 * @bprm: the exec information
900 *
5663884c 901 * Returns 0 if it gets a blob, -EPERM if exec forbidden and -ENOMEM otherwise
ce8a4321 902 */
676dac4b
CS		 903static int smack_bprm_set_creds(struct linux_binprm *bprm)
904{
496ad9aa 905 struct inode *inode = file_inode(bprm->file);
98738d70 906 struct task_smack *bsp = smack_cred(bprm->cred);
676dac4b 907 struct inode_smack *isp;
809c02e0 908 struct superblock_smack *sbsp;
676dac4b
CS		 909 int rc;
910
676dac4b
CS		 911 if (bprm->cred_prepared)
912 return 0;
913
33132849 914 isp = inode->i_security;
84088ba2 915 if (isp->smk_task == NULL || isp->smk_task == bsp->smk_task)
676dac4b
CS		 916 return 0;
917
33132849 918 sbsp = inode->i_sb->s_security;
809c02e0
SF		 919 if ((sbsp->smk_flags & SMK_SB_UNTRUSTED) &&
920 isp->smk_task != sbsp->smk_root)
921 return 0;
922
9227dd2a 923 if (bprm->unsafe & LSM_UNSAFE_PTRACE) {
5663884c
LP		 924 struct task_struct *tracer;
925 rc = 0;
926
927 rcu_read_lock();
928 tracer = ptrace_parent(current);
929 if (likely(tracer != NULL))
930 rc = smk_ptrace_rule_check(tracer,
21c7eae2 931 isp->smk_task,
5663884c
LP		 932 PTRACE_MODE_ATTACH,
933 __func__);
934 rcu_read_unlock();
935
936 if (rc != 0)
937 return rc;
938 } else if (bprm->unsafe)
84088ba2 939 return -EPERM;
676dac4b 940
84088ba2
JS		 941 bsp->smk_task = isp->smk_task;
942 bprm->per_clear |= PER_CLEAR_ON_SETID;
676dac4b 943
84088ba2
JS		 944 return 0;
945}
676dac4b 946
84088ba2
JS		 947/**
948 * smack_bprm_committing_creds - Prepare to install the new credentials
949 * from bprm.
950 *
951 * @bprm: binprm for exec
952 */
953static void smack_bprm_committing_creds(struct linux_binprm *bprm)
954{
98738d70 955 struct task_smack *bsp = smack_cred(bprm->cred);
676dac4b 956
84088ba2
JS		 957 if (bsp->smk_task != bsp->smk_forked)
958 current->pdeath_signal = 0;
959}
960
961/**
962 * smack_bprm_secureexec - Return the decision to use secureexec.
963 * @bprm: binprm for exec
964 *
965 * Returns 0 on success.
966 */
967static int smack_bprm_secureexec(struct linux_binprm *bprm)
968{
98738d70 969 struct task_smack *tsp = smack_cred(current_cred());
84088ba2 970
b1d9e6b0
CS		 971 if (tsp->smk_task != tsp->smk_forked)
972 return 1;
84088ba2 973
b1d9e6b0 974 return 0;
676dac4b
CS		 975}
976
e114e473
CS		 977/*
978 * Inode hooks
979 */
980
981/**
982 * smack_inode_alloc_security - allocate an inode blob
251a2a95 983 * @inode: the inode in need of a blob
e114e473
CS		 984 *
985 * Returns 0 if it gets a blob, -ENOMEM otherwise
986 */
987static int smack_inode_alloc_security(struct inode *inode)
988{
2f823ff8
CS		 989 struct smack_known *skp = smk_of_current();
990
33132849
JS		 991 inode->i_security = new_inode_smack(skp);
992 if (inode->i_security == NULL)
993 return -ENOMEM;
e114e473
CS		 994 return 0;
995}
996
33132849
JS		 997/**
998 * smack_inode_free_rcu - Free inode_smack blob from cache
999 * @head: the rcu_head for getting inode_smack pointer
1000 *
1001 * Call back function called from call_rcu() to free
1002 * the i_security blob pointer in inode
1003 */
1004static void smack_inode_free_rcu(struct rcu_head *head)
1005{
1006 struct inode_smack *issp;
1007
1008 issp = container_of(head, struct inode_smack, smk_rcu);
1009 kmem_cache_free(smack_inode_cache, issp);
1010}
1011
1012/**
1013 * smack_inode_free_security - free an inode blob using call_rcu()
1014 * @inode: the inode with a blob
1015 *
1016 * Clears the blob pointer in inode using RCU
1017 */
1018static void smack_inode_free_security(struct inode *inode)
1019{
1020 struct inode_smack *issp = inode->i_security;
1021
1022 /*
1023 * The inode may still be referenced in a path walk and
1024 * a call to smack_inode_permission() can be made
1025 * after smack_inode_free_security() is called.
1026 * To avoid race condition free the i_security via RCU
1027 * and leave the current inode->i_security pointer intact.
1028 * The inode will be freed after the RCU grace period too.
1029 */
1030 call_rcu(&issp->smk_rcu, smack_inode_free_rcu);
1031}
1032
e114e473
CS		 1033/**
1034 * smack_inode_init_security - copy out the smack from an inode
e95ef49b
LP		 1035 * @inode: the newly created inode
1036 * @dir: containing directory object
2a7dba39 1037 * @qstr: unused
e114e473
CS		 1038 * @name: where to put the attribute name
1039 * @value: where to put the attribute value
1040 * @len: where to put the length of the attribute
1041 *
1042 * Returns 0 if it all works out, -ENOMEM if there's no memory
1043 */
1044static int smack_inode_init_security(struct inode *inode, struct inode *dir,
9548906b 1045 const struct qstr *qstr, const char **name,
2a7dba39 1046 void **value, size_t *len)
e114e473 1047{
33132849 1048 struct inode_smack *issp = inode->i_security;
2f823ff8 1049 struct smack_known *skp = smk_of_current();
21c7eae2
LP		 1050 struct smack_known *isp = smk_of_inode(inode);
1051 struct smack_known *dsp = smk_of_inode(dir);
7898e1f8 1052 int may;
e114e473 1053
9548906b
TH		 1054 if (name)
1055 *name = XATTR_SMACK_SUFFIX;
e114e473 1056
68390ccf 1057 if (value && len) {
7898e1f8 1058 rcu_read_lock();
21c7eae2
LP		 1059 may = smk_access_entry(skp->smk_known, dsp->smk_known,
1060 &skp->smk_rules);
7898e1f8 1061 rcu_read_unlock();
5c6d1125
JS		 1062
1063 /*
1064 * If the access rule allows transmutation and
1065 * the directory requests transmutation then
1066 * by all means transmute.
2267b13a 1067 * Mark the inode as changed.
5c6d1125 1068 */
7898e1f8 1069 if (may > 0 && ((may & MAY_TRANSMUTE) != 0) &&
2267b13a 1070 smk_inode_transmutable(dir)) {
5c6d1125 1071 isp = dsp;
2267b13a
CS		 1072 issp->smk_flags |= SMK_INODE_CHANGED;
1073 }
5c6d1125 1074
21c7eae2 1075 *value = kstrdup(isp->smk_known, GFP_NOFS);
e114e473
CS		 1076 if (*value == NULL)
1077 return -ENOMEM;
e114e473 1078
21c7eae2 1079 *len = strlen(isp->smk_known);
68390ccf 1080 }
e114e473
CS		 1081
1082 return 0;
1083}
1084
1085/**
1086 * smack_inode_link - Smack check on link
1087 * @old_dentry: the existing object
1088 * @dir: unused
1089 * @new_dentry: the new object
1090 *
1091 * Returns 0 if access is permitted, an error code otherwise
1092 */
1093static int smack_inode_link(struct dentry *old_dentry, struct inode *dir,
1094 struct dentry *new_dentry)
1095{
21c7eae2 1096 struct smack_known *isp;
ecfcc53f
EB		 1097 struct smk_audit_info ad;
1098 int rc;
1099
a269434d 1100 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1101 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1102
c6f493d6 1103 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1104 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1105 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_WRITE, rc);
e114e473 1106
8802565b 1107 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1108 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1109 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1110 rc = smk_curacc(isp, MAY_WRITE, &ad);
c6f493d6 1111 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_WRITE, rc);
e114e473
CS		 1112 }
1113
1114 return rc;
1115}
1116
1117/**
1118 * smack_inode_unlink - Smack check on inode deletion
1119 * @dir: containing directory object
1120 * @dentry: file to unlink
1121 *
1122 * Returns 0 if current can write the containing directory
1123 * and the object, error code otherwise
1124 */
1125static int smack_inode_unlink(struct inode *dir, struct dentry *dentry)
1126{
c6f493d6 1127 struct inode *ip = d_backing_inode(dentry);
ecfcc53f 1128 struct smk_audit_info ad;
e114e473
CS		 1129 int rc;
1130
a269434d 1131 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1132 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1133
e114e473
CS		 1134 /*
1135 * You need write access to the thing you're unlinking
1136 */
ecfcc53f 1137 rc = smk_curacc(smk_of_inode(ip), MAY_WRITE, &ad);
d166c802 1138 rc = smk_bu_inode(ip, MAY_WRITE, rc);
ecfcc53f 1139 if (rc == 0) {
e114e473
CS		 1140 /*
1141 * You also need write access to the containing directory
1142 */
cdb56b60 1143 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1144 smk_ad_setfield_u_fs_inode(&ad, dir);
1145 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1146 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1147 }
e114e473
CS		 1148 return rc;
1149}
1150
1151/**
1152 * smack_inode_rmdir - Smack check on directory deletion
1153 * @dir: containing directory object
1154 * @dentry: directory to unlink
1155 *
1156 * Returns 0 if current can write the containing directory
1157 * and the directory, error code otherwise
1158 */
1159static int smack_inode_rmdir(struct inode *dir, struct dentry *dentry)
1160{
ecfcc53f 1161 struct smk_audit_info ad;
e114e473
CS		 1162 int rc;
1163
a269434d 1164 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1165 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1166
e114e473
CS		 1167 /*
1168 * You need write access to the thing you're removing
1169 */
c6f493d6
DH		 1170 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1171 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
ecfcc53f 1172 if (rc == 0) {
e114e473
CS		 1173 /*
1174 * You also need write access to the containing directory
1175 */
cdb56b60 1176 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f
EB		 1177 smk_ad_setfield_u_fs_inode(&ad, dir);
1178 rc = smk_curacc(smk_of_inode(dir), MAY_WRITE, &ad);
d166c802 1179 rc = smk_bu_inode(dir, MAY_WRITE, rc);
ecfcc53f 1180 }
e114e473
CS		 1181
1182 return rc;
1183}
1184
1185/**
1186 * smack_inode_rename - Smack check on rename
e95ef49b
LP		 1187 * @old_inode: unused
1188 * @old_dentry: the old object
1189 * @new_inode: unused
1190 * @new_dentry: the new object
e114e473
CS		 1191 *
1192 * Read and write access is required on both the old and
1193 * new directories.
1194 *
1195 * Returns 0 if access is permitted, an error code otherwise
1196 */
1197static int smack_inode_rename(struct inode *old_inode,
1198 struct dentry *old_dentry,
1199 struct inode *new_inode,
1200 struct dentry *new_dentry)
1201{
1202 int rc;
21c7eae2 1203 struct smack_known *isp;
ecfcc53f
EB		 1204 struct smk_audit_info ad;
1205
a269434d 1206 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1207 smk_ad_setfield_u_fs_path_dentry(&ad, old_dentry);
e114e473 1208
c6f493d6 1209 isp = smk_of_inode(d_backing_inode(old_dentry));
ecfcc53f 1210 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1211 rc = smk_bu_inode(d_backing_inode(old_dentry), MAY_READWRITE, rc);
e114e473 1212
8802565b 1213 if (rc == 0 && d_is_positive(new_dentry)) {
c6f493d6 1214 isp = smk_of_inode(d_backing_inode(new_dentry));
ecfcc53f
EB		 1215 smk_ad_setfield_u_fs_path_dentry(&ad, new_dentry);
1216 rc = smk_curacc(isp, MAY_READWRITE, &ad);
c6f493d6 1217 rc = smk_bu_inode(d_backing_inode(new_dentry), MAY_READWRITE, rc);
e114e473 1218 }
e114e473
CS		 1219 return rc;
1220}
1221
1222/**
1223 * smack_inode_permission - Smack version of permission()
1224 * @inode: the inode in question
1225 * @mask: the access requested
e114e473
CS		 1226 *
1227 * This is the important Smack hook.
1228 *
1229 * Returns 0 if access is permitted, -EACCES otherwise
1230 */
e74f71eb 1231static int smack_inode_permission(struct inode *inode, int mask)
e114e473 1232{
9f50eda2 1233 struct superblock_smack *sbsp = inode->i_sb->s_security;
ecfcc53f 1234 struct smk_audit_info ad;
e74f71eb 1235 int no_block = mask & MAY_NOT_BLOCK;
d166c802 1236 int rc;
d09ca739
EP		 1237
1238 mask &= (MAY_READ|MAY_WRITE|MAY_EXEC|MAY_APPEND);
e114e473
CS		 1239 /*
1240 * No permission to check. Existence test. Yup, it's there.
1241 */
1242 if (mask == 0)
1243 return 0;
8c9e80ed 1244
9f50eda2
SF		 1245 if (sbsp->smk_flags & SMK_SB_UNTRUSTED) {
1246 if (smk_of_inode(inode) != sbsp->smk_root)
1247 return -EACCES;
1248 }
1249
8c9e80ed 1250 /* May be droppable after audit */
e74f71eb 1251 if (no_block)
8c9e80ed 1252 return -ECHILD;
f48b7399 1253 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_INODE);
ecfcc53f 1254 smk_ad_setfield_u_fs_inode(&ad, inode);
d166c802
CS		 1255 rc = smk_curacc(smk_of_inode(inode), mask, &ad);
1256 rc = smk_bu_inode(inode, mask, rc);
1257 return rc;
e114e473
CS		 1258}
1259
1260/**
1261 * smack_inode_setattr - Smack check for setting attributes
1262 * @dentry: the object
1263 * @iattr: for the force flag
1264 *
1265 * Returns 0 if access is permitted, an error code otherwise
1266 */
1267static int smack_inode_setattr(struct dentry *dentry, struct iattr *iattr)
1268{
ecfcc53f 1269 struct smk_audit_info ad;
d166c802
CS		 1270 int rc;
1271
e114e473
CS		 1272 /*
1273 * Need to allow for clearing the setuid bit.
1274 */
1275 if (iattr->ia_valid & ATTR_FORCE)
1276 return 0;
a269434d 1277 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1278 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
e114e473 1279
c6f493d6
DH		 1280 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1281 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1282 return rc;
e114e473
CS		 1283}
1284
1285/**
1286 * smack_inode_getattr - Smack check for getting attributes
e95ef49b 1287 * @mnt: vfsmount of the object
e114e473
CS		 1288 * @dentry: the object
1289 *
1290 * Returns 0 if access is permitted, an error code otherwise
1291 */
3f7036a0 1292static int smack_inode_getattr(const struct path *path)
e114e473 1293{
ecfcc53f 1294 struct smk_audit_info ad;
c6f493d6 1295 struct inode *inode = d_backing_inode(path->dentry);
d166c802 1296 int rc;
ecfcc53f 1297
f48b7399 1298 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
3f7036a0
AV		 1299 smk_ad_setfield_u_fs_path(&ad, *path);
1300 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
1301 rc = smk_bu_inode(inode, MAY_READ, rc);
d166c802 1302 return rc;
e114e473
CS		 1303}
1304
1305/**
1306 * smack_inode_setxattr - Smack check for setting xattrs
1307 * @dentry: the object
1308 * @name: name of the attribute
e95ef49b
LP		 1309 * @value: value of the attribute
1310 * @size: size of the value
e114e473
CS		 1311 * @flags: unused
1312 *
1313 * This protects the Smack attribute explicitly.
1314 *
1315 * Returns 0 if access is permitted, an error code otherwise
1316 */
8f0cfa52
DH		 1317static int smack_inode_setxattr(struct dentry *dentry, const char *name,
1318 const void *value, size_t size, int flags)
e114e473 1319{
ecfcc53f 1320 struct smk_audit_info ad;
19760ad0
CS		 1321 struct smack_known *skp;
1322 int check_priv = 0;
1323 int check_import = 0;
1324 int check_star = 0;
bcdca225 1325 int rc = 0;
e114e473 1326
19760ad0
CS		 1327 /*
1328 * Check label validity here so import won't fail in post_setxattr
1329 */
bcdca225
CS		 1330 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1331 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
19760ad0
CS		 1332 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0) {
1333 check_priv = 1;
1334 check_import = 1;
1335 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
1336 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1337 check_priv = 1;
1338 check_import = 1;
1339 check_star = 1;
5c6d1125 1340 } else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
19760ad0 1341 check_priv = 1;
5c6d1125
JS		 1342 if (size != TRANS_TRUE_SIZE ||
1343 strncmp(value, TRANS_TRUE, TRANS_TRUE_SIZE) != 0)
1344 rc = -EINVAL;
bcdca225
CS		 1345 } else
1346 rc = cap_inode_setxattr(dentry, name, value, size, flags);
1347
19760ad0
CS		 1348 if (check_priv && !smack_privileged(CAP_MAC_ADMIN))
1349 rc = -EPERM;
1350
1351 if (rc == 0 && check_import) {
b862e561 1352 skp = size ? smk_import_entry(value, size) : NULL;
e774ad68
LP		 1353 if (IS_ERR(skp))
1354 rc = PTR_ERR(skp);
1355 else if (skp == NULL || (check_star &&
19760ad0
CS		 1356 (skp == &smack_known_star || skp == &smack_known_web)))
1357 rc = -EINVAL;
1358 }
1359
a269434d 1360 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1361 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1362
d166c802 1363 if (rc == 0) {
c6f493d6
DH		 1364 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1365 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
d166c802 1366 }
bcdca225
CS		 1367
1368 return rc;
e114e473
CS		 1369}
1370
1371/**
1372 * smack_inode_post_setxattr - Apply the Smack update approved above
1373 * @dentry: object
1374 * @name: attribute name
1375 * @value: attribute value
1376 * @size: attribute size
1377 * @flags: unused
1378 *
1379 * Set the pointer in the inode blob to the entry found
1380 * in the master label list.
1381 */
8f0cfa52
DH		 1382static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
1383 const void *value, size_t size, int flags)
e114e473 1384{
2f823ff8 1385 struct smack_known *skp;
33132849 1386 struct inode_smack *isp = d_backing_inode(dentry)->i_security;
676dac4b 1387
2f823ff8
CS		 1388 if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0) {
1389 isp->smk_flags |= SMK_INODE_TRANSMUTE;
1390 return;
1391 }
1392
676dac4b 1393 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
9598f4c9 1394 skp = smk_import_entry(value, size);
e774ad68 1395 if (!IS_ERR(skp))
21c7eae2 1396 isp->smk_inode = skp;
5c6d1125 1397 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0) {
9598f4c9 1398 skp = smk_import_entry(value, size);
e774ad68 1399 if (!IS_ERR(skp))
2f823ff8 1400 isp->smk_task = skp;
7898e1f8 1401 } else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
9598f4c9 1402 skp = smk_import_entry(value, size);
e774ad68 1403 if (!IS_ERR(skp))
2f823ff8 1404 isp->smk_mmap = skp;
2f823ff8 1405 }
e114e473
CS		 1406
1407 return;
1408}
1409
ce8a4321 1410/**
e114e473
CS		 1411 * smack_inode_getxattr - Smack check on getxattr
1412 * @dentry: the object
1413 * @name: unused
1414 *
1415 * Returns 0 if access is permitted, an error code otherwise
1416 */
8f0cfa52 1417static int smack_inode_getxattr(struct dentry *dentry, const char *name)
e114e473 1418{
ecfcc53f 1419 struct smk_audit_info ad;
d166c802 1420 int rc;
ecfcc53f 1421
a269434d 1422 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f
EB		 1423 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
1424
c6f493d6
DH		 1425 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_READ, &ad);
1426 rc = smk_bu_inode(d_backing_inode(dentry), MAY_READ, rc);
d166c802 1427 return rc;
e114e473
CS		 1428}
1429
ce8a4321 1430/**
e114e473
CS		 1431 * smack_inode_removexattr - Smack check on removexattr
1432 * @dentry: the object
1433 * @name: name of the attribute
1434 *
1435 * Removing the Smack attribute requires CAP_MAC_ADMIN
1436 *
1437 * Returns 0 if access is permitted, an error code otherwise
1438 */
8f0cfa52 1439static int smack_inode_removexattr(struct dentry *dentry, const char *name)
e114e473 1440{
676dac4b 1441 struct inode_smack *isp;
ecfcc53f 1442 struct smk_audit_info ad;
bcdca225 1443 int rc = 0;
e114e473 1444
bcdca225
CS		 1445 if (strcmp(name, XATTR_NAME_SMACK) == 0 ||
1446 strcmp(name, XATTR_NAME_SMACKIPIN) == 0 ||
676dac4b 1447 strcmp(name, XATTR_NAME_SMACKIPOUT) == 0 ||
5c6d1125 1448 strcmp(name, XATTR_NAME_SMACKEXEC) == 0 ||
7898e1f8 1449 strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0 ||
5e9ab593 1450 strcmp(name, XATTR_NAME_SMACKMMAP) == 0) {
1880eff7 1451 if (!smack_privileged(CAP_MAC_ADMIN))
bcdca225
CS		 1452 rc = -EPERM;
1453 } else
1454 rc = cap_inode_removexattr(dentry, name);
1455
f59bdfba
CS		 1456 if (rc != 0)
1457 return rc;
1458
a269434d 1459 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_DENTRY);
ecfcc53f 1460 smk_ad_setfield_u_fs_path_dentry(&ad, dentry);
bcdca225 1461
c6f493d6
DH		 1462 rc = smk_curacc(smk_of_inode(d_backing_inode(dentry)), MAY_WRITE, &ad);
1463 rc = smk_bu_inode(d_backing_inode(dentry), MAY_WRITE, rc);
f59bdfba
CS		 1464 if (rc != 0)
1465 return rc;
1466
33132849 1467 isp = d_backing_inode(dentry)->i_security;
f59bdfba
CS		 1468 /*
1469 * Don't do anything special for these.
1470 * XATTR_NAME_SMACKIPIN
1471 * XATTR_NAME_SMACKIPOUT
f59bdfba 1472 */
8012495e 1473 if (strcmp(name, XATTR_NAME_SMACK) == 0) {
fc64005c 1474 struct super_block *sbp = dentry->d_sb;
8012495e
JB		 1475 struct superblock_smack *sbsp = sbp->s_security;
1476
1477 isp->smk_inode = sbsp->smk_default;
1478 } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
676dac4b 1479 isp->smk_task = NULL;
f59bdfba 1480 else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
7898e1f8 1481 isp->smk_mmap = NULL;
f59bdfba
CS		 1482 else if (strcmp(name, XATTR_NAME_SMACKTRANSMUTE) == 0)
1483 isp->smk_flags &= ~SMK_INODE_TRANSMUTE;
676dac4b 1484
f59bdfba 1485 return 0;
e114e473
CS		 1486}
1487
1488/**
1489 * smack_inode_getsecurity - get smack xattrs
1490 * @inode: the object
1491 * @name: attribute name
1492 * @buffer: where to put the result
2b6795af 1493 * @alloc: duplicate memory
e114e473
CS		 1494 *
1495 * Returns the size of the attribute or an error code
1496 */
ea861dfd 1497static int smack_inode_getsecurity(struct inode *inode,
e114e473
CS		 1498 const char *name, void **buffer,
1499 bool alloc)
1500{
1501 struct socket_smack *ssp;
1502 struct socket *sock;
1503 struct super_block *sbp;
1504 struct inode *ip = (struct inode *)inode;
21c7eae2 1505 struct smack_known *isp;
e114e473 1506
2b6795af 1507 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0)
e114e473 1508 isp = smk_of_inode(inode);
2b6795af
CS		 1509 else {
1510 /*
1511 * The rest of the Smack xattrs are only on sockets.
1512 */
1513 sbp = ip->i_sb;
1514 if (sbp->s_magic != SOCKFS_MAGIC)
1515 return -EOPNOTSUPP;
e114e473 1516
2b6795af
CS		 1517 sock = SOCKET_I(ip);
1518 if (sock == NULL || sock->sk == NULL)
1519 return -EOPNOTSUPP;
e114e473 1520
33132849 1521 ssp = sock->sk->sk_security;
e114e473 1522
2b6795af
CS		 1523 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
1524 isp = ssp->smk_in;
1525 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0)
1526 isp = ssp->smk_out;
1527 else
1528 return -EOPNOTSUPP;
1529 }
e114e473 1530
2b6795af
CS		 1531 if (alloc) {
1532 *buffer = kstrdup(isp->smk_known, GFP_KERNEL);
1533 if (*buffer == NULL)
1534 return -ENOMEM;
e114e473
CS		 1535 }
1536
2b6795af 1537 return strlen(isp->smk_known);
e114e473
CS		 1538}
1539
1540
1541/**
1542 * smack_inode_listsecurity - list the Smack attributes
1543 * @inode: the object
1544 * @buffer: where they go
1545 * @buffer_size: size of buffer
e114e473
CS		 1546 */
1547static int smack_inode_listsecurity(struct inode *inode, char *buffer,
1548 size_t buffer_size)
1549{
fd5c9d23 1550 int len = sizeof(XATTR_NAME_SMACK);
e114e473 1551
fd5c9d23 1552 if (buffer != NULL && len <= buffer_size)
e114e473 1553 memcpy(buffer, XATTR_NAME_SMACK, len);
fd5c9d23
KK		 1554
1555 return len;
e114e473
CS		 1556}
1557
d20bdda6
AD		 1558/**
1559 * smack_inode_getsecid - Extract inode's security id
1560 * @inode: inode to extract the info from
1561 * @secid: where result will be saved
1562 */
d6335d77 1563static void smack_inode_getsecid(struct inode *inode, u32 *secid)
d20bdda6 1564{
33132849 1565 struct inode_smack *isp = inode->i_security;
d20bdda6 1566
21c7eae2 1567 *secid = isp->smk_inode->smk_secid;
d20bdda6
AD		 1568}
1569
e114e473
CS		 1570/*
1571 * File Hooks
1572 */
1573
491a0b08
CS		 1574/*
1575 * There is no smack_file_permission hook
e114e473
CS		 1576 *
1577 * Should access checks be done on each read or write?
1578 * UNICOS and SELinux say yes.
1579 * Trusted Solaris, Trusted Irix, and just about everyone else says no.
1580 *
1581 * I'll say no for now. Smack does not do the frequent
1582 * label changing that SELinux does.
1583 */
e114e473
CS		 1584
1585/**
1586 * smack_file_alloc_security - assign a file security blob
1587 * @file: the object
1588 *
1589 * The security blob for a file is a pointer to the master
1590 * label list, so no allocation is done.
1591 *
5e7270a6
CS		 1592 * f_security is the owner security information. It
1593 * isn't used on file access checks, it's for send_sigio.
1594 *
e114e473
CS		 1595 * Returns 0
1596 */
1597static int smack_file_alloc_security(struct file *file)
1598{
004c5200 1599 struct smack_known **blob = smack_file(file);
2f823ff8 1600
004c5200 1601 *blob = smk_of_current();
e114e473
CS		 1602 return 0;
1603}
1604
e114e473
CS		 1605/**
1606 * smack_file_ioctl - Smack check on ioctls
1607 * @file: the object
1608 * @cmd: what to do
1609 * @arg: unused
1610 *
1611 * Relies heavily on the correct use of the ioctl command conventions.
1612 *
1613 * Returns 0 if allowed, error code otherwise
1614 */
1615static int smack_file_ioctl(struct file *file, unsigned int cmd,
1616 unsigned long arg)
1617{
1618 int rc = 0;
ecfcc53f 1619 struct smk_audit_info ad;
5e7270a6 1620 struct inode *inode = file_inode(file);
ecfcc53f 1621
83a1e53f
SWK		 1622 if (unlikely(IS_PRIVATE(inode)))
1623 return 0;
1624
f48b7399 1625 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1626 smk_ad_setfield_u_fs_path(&ad, file->f_path);
e114e473 1627
d166c802 1628 if (_IOC_DIR(cmd) & _IOC_WRITE) {
5e7270a6 1629 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802
CS		 1630 rc = smk_bu_file(file, MAY_WRITE, rc);
1631 }
e114e473 1632
d166c802 1633 if (rc == 0 && (_IOC_DIR(cmd) & _IOC_READ)) {
5e7270a6 1634 rc = smk_curacc(smk_of_inode(inode), MAY_READ, &ad);
d166c802
CS		 1635 rc = smk_bu_file(file, MAY_READ, rc);
1636 }
e114e473
CS		 1637
1638 return rc;
1639}
1640
1641/**
1642 * smack_file_lock - Smack check on file locking
1643 * @file: the object
251a2a95 1644 * @cmd: unused
e114e473 1645 *
c0ab6e56 1646 * Returns 0 if current has lock access, error code otherwise
e114e473
CS		 1647 */
1648static int smack_file_lock(struct file *file, unsigned int cmd)
1649{
ecfcc53f 1650 struct smk_audit_info ad;
d166c802 1651 int rc;
5e7270a6 1652 struct inode *inode = file_inode(file);
ecfcc53f 1653
83a1e53f
SWK		 1654 if (unlikely(IS_PRIVATE(inode)))
1655 return 0;
1656
92f42509
EP		 1657 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1658 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1659 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802
CS		 1660 rc = smk_bu_file(file, MAY_LOCK, rc);
1661 return rc;
e114e473
CS		 1662}
1663
1664/**
1665 * smack_file_fcntl - Smack check on fcntl
1666 * @file: the object
1667 * @cmd: what action to check
1668 * @arg: unused
1669 *
531f1d45
CS		 1670 * Generally these operations are harmless.
1671 * File locking operations present an obvious mechanism
1672 * for passing information, so they require write access.
1673 *
e114e473
CS		 1674 * Returns 0 if current has access, error code otherwise
1675 */
1676static int smack_file_fcntl(struct file *file, unsigned int cmd,
1677 unsigned long arg)
1678{
ecfcc53f 1679 struct smk_audit_info ad;
531f1d45 1680 int rc = 0;
5e7270a6 1681 struct inode *inode = file_inode(file);
ecfcc53f 1682
83a1e53f
SWK		 1683 if (unlikely(IS_PRIVATE(inode)))
1684 return 0;
1685
e114e473 1686 switch (cmd) {
e114e473 1687 case F_GETLK:
c0ab6e56 1688 break;
e114e473
CS		 1689 case F_SETLK:
1690 case F_SETLKW:
c0ab6e56
CS		 1691 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1692 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1693 rc = smk_curacc(smk_of_inode(inode), MAY_LOCK, &ad);
d166c802 1694 rc = smk_bu_file(file, MAY_LOCK, rc);
c0ab6e56 1695 break;
e114e473
CS		 1696 case F_SETOWN:
1697 case F_SETSIG:
531f1d45
CS		 1698 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1699 smk_ad_setfield_u_fs_path(&ad, file->f_path);
5e7270a6 1700 rc = smk_curacc(smk_of_inode(inode), MAY_WRITE, &ad);
d166c802 1701 rc = smk_bu_file(file, MAY_WRITE, rc);
e114e473
CS		 1702 break;
1703 default:
531f1d45 1704 break;
e114e473
CS		 1705 }
1706
1707 return rc;
1708}
1709
7898e1f8 1710/**
e5467859 1711 * smack_mmap_file :
7898e1f8
CS		 1712 * Check permissions for a mmap operation. The @file may be NULL, e.g.
1713 * if mapping anonymous memory.
1714 * @file contains the file structure for file to map (may be NULL).
1715 * @reqprot contains the protection requested by the application.
1716 * @prot contains the protection that will be applied by the kernel.
1717 * @flags contains the operational flags.
1718 * Return 0 if permission is granted.
1719 */
e5467859 1720static int smack_mmap_file(struct file *file,
7898e1f8 1721 unsigned long reqprot, unsigned long prot,
e5467859 1722 unsigned long flags)
7898e1f8 1723{
272cd7a8 1724 struct smack_known *skp;
2f823ff8 1725 struct smack_known *mkp;
7898e1f8
CS		 1726 struct smack_rule *srp;
1727 struct task_smack *tsp;
21c7eae2 1728 struct smack_known *okp;
7898e1f8 1729 struct inode_smack *isp;
809c02e0 1730 struct superblock_smack *sbsp;
0e0a070d
CS		 1731 int may;
1732 int mmay;
1733 int tmay;
7898e1f8
CS		 1734 int rc;
1735
496ad9aa 1736 if (file == NULL)
7898e1f8
CS		 1737 return 0;
1738
83a1e53f
SWK		 1739 if (unlikely(IS_PRIVATE(file_inode(file))))
1740 return 0;
1741
33132849 1742 isp = file_inode(file)->i_security;
7898e1f8
CS		 1743 if (isp->smk_mmap == NULL)
1744 return 0;
809c02e0
SF		 1745 sbsp = file_inode(file)->i_sb->s_security;
1746 if (sbsp->smk_flags & SMK_SB_UNTRUSTED &&
1747 isp->smk_mmap != sbsp->smk_root)
1748 return -EACCES;
2f823ff8 1749 mkp = isp->smk_mmap;
7898e1f8 1750
98738d70 1751 tsp = smack_cred(current_cred());
2f823ff8 1752 skp = smk_of_current();
7898e1f8
CS		 1753 rc = 0;
1754
1755 rcu_read_lock();
1756 /*
1757 * For each Smack rule associated with the subject
1758 * label verify that the SMACK64MMAP also has access
1759 * to that rule's object label.
7898e1f8 1760 */
272cd7a8 1761 list_for_each_entry_rcu(srp, &skp->smk_rules, list) {
21c7eae2 1762 okp = srp->smk_object;
7898e1f8
CS		 1763 /*
1764 * Matching labels always allows access.
1765 */
21c7eae2 1766 if (mkp->smk_known == okp->smk_known)
7898e1f8 1767 continue;
0e0a070d
CS		 1768 /*
1769 * If there is a matching local rule take
1770 * that into account as well.
1771 */
21c7eae2
LP		 1772 may = smk_access_entry(srp->smk_subject->smk_known,
1773 okp->smk_known,
1774 &tsp->smk_rules);
0e0a070d
CS		 1775 if (may == -ENOENT)
1776 may = srp->smk_access;
1777 else
1778 may &= srp->smk_access;
1779 /*
1780 * If may is zero the SMACK64MMAP subject can't
1781 * possibly have less access.
1782 */
1783 if (may == 0)
1784 continue;
1785
1786 /*
1787 * Fetch the global list entry.
1788 * If there isn't one a SMACK64MMAP subject
1789 * can't have as much access as current.
1790 */
21c7eae2
LP		 1791 mmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1792 &mkp->smk_rules);
0e0a070d
CS		 1793 if (mmay == -ENOENT) {
1794 rc = -EACCES;
1795 break;
1796 }
1797 /*
1798 * If there is a local entry it modifies the
1799 * potential access, too.
1800 */
21c7eae2
LP		 1801 tmay = smk_access_entry(mkp->smk_known, okp->smk_known,
1802 &tsp->smk_rules);
0e0a070d
CS		 1803 if (tmay != -ENOENT)
1804 mmay &= tmay;
7898e1f8 1805
0e0a070d
CS		 1806 /*
1807 * If there is any access available to current that is
1808 * not available to a SMACK64MMAP subject
1809 * deny access.
1810 */
75a25637 1811 if ((may | mmay) != mmay) {
0e0a070d 1812 rc = -EACCES;
7898e1f8 1813 break;
0e0a070d 1814 }
7898e1f8
CS		 1815 }
1816
1817 rcu_read_unlock();
1818
1819 return rc;
1820}
1821
e114e473
CS		 1822/**
1823 * smack_file_set_fowner - set the file security blob value
1824 * @file: object in question
1825 *
e114e473 1826 */
e0b93edd 1827static void smack_file_set_fowner(struct file *file)
e114e473 1828{
004c5200
CS		 1829 struct smack_known **blob = smack_file(file);
1830
1831 *blob = smk_of_current();
e114e473
CS		 1832}
1833
1834/**
1835 * smack_file_send_sigiotask - Smack on sigio
1836 * @tsk: The target task
1837 * @fown: the object the signal come from
1838 * @signum: unused
1839 *
1840 * Allow a privileged task to get signals even if it shouldn't
1841 *
1842 * Returns 0 if a subject with the object's smack could
1843 * write to the task, an error code otherwise.
1844 */
1845static int smack_file_send_sigiotask(struct task_struct *tsk,
1846 struct fown_struct *fown, int signum)
1847{
004c5200 1848 struct smack_known **blob;
2f823ff8 1849 struct smack_known *skp;
98738d70 1850 struct smack_known *tkp = smk_of_task(smack_cred(tsk->cred));
e114e473
CS		 1851 struct file *file;
1852 int rc;
ecfcc53f 1853 struct smk_audit_info ad;
e114e473
CS		 1854
1855 /*
1856 * struct fown_struct is never outside the context of a struct file
1857 */
1858 file = container_of(fown, struct file, f_owner);
7898e1f8 1859
ecfcc53f 1860 /* we don't log here as rc can be overriden */
004c5200
CS		 1861 blob = smack_file(file);
1862 skp = *blob;
c60b9066
CS		 1863 rc = smk_access(skp, tkp, MAY_DELIVER, NULL);
1864 rc = smk_bu_note("sigiotask", skp, tkp, MAY_DELIVER, rc);
5cd9c58f 1865 if (rc != 0 && has_capability(tsk, CAP_MAC_OVERRIDE))
ecfcc53f
EB		 1866 rc = 0;
1867
1868 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
1869 smk_ad_setfield_u_tsk(&ad, tsk);
c60b9066 1870 smack_log(skp->smk_known, tkp->smk_known, MAY_DELIVER, rc, &ad);
e114e473
CS		 1871 return rc;
1872}
1873
1874/**
1875 * smack_file_receive - Smack file receive check
1876 * @file: the object
1877 *
1878 * Returns 0 if current has access, error code otherwise
1879 */
1880static int smack_file_receive(struct file *file)
1881{
d166c802 1882 int rc;
e114e473 1883 int may = 0;
ecfcc53f 1884 struct smk_audit_info ad;
5e7270a6 1885 struct inode *inode = file_inode(file);
79be0935
CS		 1886 struct socket *sock;
1887 struct task_smack *tsp;
1888 struct socket_smack *ssp;
e114e473 1889
9777582e
SWK		 1890 if (unlikely(IS_PRIVATE(inode)))
1891 return 0;
1892
4482a44f 1893 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
ecfcc53f 1894 smk_ad_setfield_u_fs_path(&ad, file->f_path);
79be0935 1895
51d59af2 1896 if (inode->i_sb->s_magic == SOCKFS_MAGIC) {
79be0935 1897 sock = SOCKET_I(inode);
33132849 1898 ssp = sock->sk->sk_security;
98738d70 1899 tsp = smack_cred(current_cred());
79be0935
CS		 1900 /*
1901 * If the receiving process can't write to the
1902 * passed socket or if the passed socket can't
1903 * write to the receiving process don't accept
1904 * the passed socket.
1905 */
1906 rc = smk_access(tsp->smk_task, ssp->smk_out, MAY_WRITE, &ad);
1907 rc = smk_bu_file(file, may, rc);
1908 if (rc < 0)
1909 return rc;
1910 rc = smk_access(ssp->smk_in, tsp->smk_task, MAY_WRITE, &ad);
1911 rc = smk_bu_file(file, may, rc);
1912 return rc;
1913 }
e114e473
CS		 1914 /*
1915 * This code relies on bitmasks.
1916 */
1917 if (file->f_mode & FMODE_READ)
1918 may = MAY_READ;
1919 if (file->f_mode & FMODE_WRITE)
1920 may |= MAY_WRITE;
1921
5e7270a6 1922 rc = smk_curacc(smk_of_inode(inode), may, &ad);
d166c802
CS		 1923 rc = smk_bu_file(file, may, rc);
1924 return rc;
e114e473
CS		 1925}
1926
531f1d45 1927/**
83d49856 1928 * smack_file_open - Smack dentry open processing
531f1d45 1929 * @file: the object
a6834c0b 1930 * @cred: task credential
531f1d45
CS		 1931 *
1932 * Set the security blob in the file structure.
a6834c0b
CS		 1933 * Allow the open only if the task has read access. There are
1934 * many read operations (e.g. fstat) that you can do with an
1935 * fd even if you have the file open write-only.
531f1d45
CS		 1936 *
1937 * Returns 0
1938 */
83d49856 1939static int smack_file_open(struct file *file, const struct cred *cred)
531f1d45 1940{
98738d70 1941 struct task_smack *tsp = smack_cred(cred);
5e7270a6 1942 struct inode *inode = file_inode(file);
a6834c0b
CS		 1943 struct smk_audit_info ad;
1944 int rc;
531f1d45 1945
a6834c0b
CS		 1946 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
1947 smk_ad_setfield_u_fs_path(&ad, file->f_path);
c9d238a1 1948 rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
d166c802 1949 rc = smk_bu_credfile(cred, file, MAY_READ, rc);
a6834c0b
CS		 1950
1951 return rc;
531f1d45
CS		 1952}
1953
e114e473
CS		 1954/*
1955 * Task hooks
1956 */
1957
ee18d64c
DH		 1958/**
1959 * smack_cred_alloc_blank - "allocate" blank task-level security credentials
1960 * @new: the new credentials
1961 * @gfp: the atomicity of any memory allocations
1962 *
1963 * Prepare a blank set of credentials for modification. This must allocate all
1964 * the memory the LSM module might require such that cred_transfer() can
1965 * complete without error.
1966 */
1967static int smack_cred_alloc_blank(struct cred *cred, gfp_t gfp)
1968{
98738d70 1969 init_task_smack(smack_cred(cred), NULL, NULL);
ee18d64c
DH		 1970 return 0;
1971}
1972
1973
e114e473 1974/**
f1752eec
DH		 1975 * smack_cred_free - "free" task-level security credentials
1976 * @cred: the credentials in question
e114e473 1977 *
e114e473 1978 */
f1752eec 1979static void smack_cred_free(struct cred *cred)
e114e473 1980{
98738d70 1981 struct task_smack *tsp = smack_cred(cred);
7898e1f8
CS		 1982 struct smack_rule *rp;
1983 struct list_head *l;
1984 struct list_head *n;
1985
38416e53
ZJ		 1986 smk_destroy_label_list(&tsp->smk_relabel);
1987
7898e1f8
CS		 1988 list_for_each_safe(l, n, &tsp->smk_rules) {
1989 rp = list_entry(l, struct smack_rule, list);
1990 list_del(&rp->list);
1991 kfree(rp);
1992 }
e114e473
CS		 1993}
1994
d84f4f99
DH		 1995/**
1996 * smack_cred_prepare - prepare new set of credentials for modification
1997 * @new: the new credentials
1998 * @old: the original credentials
1999 * @gfp: the atomicity of any memory allocations
2000 *
2001 * Prepare a new set of credentials for modification.
2002 */
2003static int smack_cred_prepare(struct cred *new, const struct cred *old,
2004 gfp_t gfp)
2005{
98738d70
CS		 2006 struct task_smack *old_tsp = smack_cred(old);
2007 struct task_smack *new_tsp = smack_cred(new);
7898e1f8 2008 int rc;
676dac4b 2009
98738d70 2010 init_task_smack(new_tsp, old_tsp->smk_task, old_tsp->smk_task);
b437aba8 2011
7898e1f8
CS		 2012 rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
2013 if (rc != 0)
2014 return rc;
2015
38416e53
ZJ		 2016 rc = smk_copy_relabel(&new_tsp->smk_relabel, &old_tsp->smk_relabel,
2017 gfp);
98738d70 2018 return rc;
d84f4f99
DH		 2019}
2020
ee18d64c
DH		 2021/**
2022 * smack_cred_transfer - Transfer the old credentials to the new credentials
2023 * @new: the new credentials
2024 * @old: the original credentials
2025 *
2026 * Fill in a set of blank credentials from another set of credentials.
2027 */
2028static void smack_cred_transfer(struct cred *new, const struct cred *old)
2029{
98738d70
CS		 2030 struct task_smack *old_tsp = smack_cred(old);
2031 struct task_smack *new_tsp = smack_cred(new);
676dac4b
CS		 2032
2033 new_tsp->smk_task = old_tsp->smk_task;
2034 new_tsp->smk_forked = old_tsp->smk_task;
7898e1f8
CS		 2035 mutex_init(&new_tsp->smk_rules_lock);
2036 INIT_LIST_HEAD(&new_tsp->smk_rules);
2037
7898e1f8 2038 /* cbs copy rule list */
ee18d64c
DH		 2039}
2040
3a3b7ce9
DH		 2041/**
2042 * smack_kernel_act_as - Set the subjective context in a set of credentials
251a2a95
RD		 2043 * @new: points to the set of credentials to be modified.
2044 * @secid: specifies the security ID to be set
3a3b7ce9
DH		 2045 *
2046 * Set the security data for a kernel service.
2047 */
2048static int smack_kernel_act_as(struct cred *new, u32 secid)
2049{
98738d70 2050 struct task_smack *new_tsp = smack_cred(new);
3a3b7ce9 2051
152f91d4 2052 new_tsp->smk_task = smack_from_secid(secid);
3a3b7ce9
DH		 2053 return 0;
2054}
2055
2056/**
2057 * smack_kernel_create_files_as - Set the file creation label in a set of creds
251a2a95
RD		 2058 * @new: points to the set of credentials to be modified
2059 * @inode: points to the inode to use as a reference
3a3b7ce9
DH		 2060 *
2061 * Set the file creation context in a set of credentials to the same
2062 * as the objective context of the specified inode
2063 */
2064static int smack_kernel_create_files_as(struct cred *new,
2065 struct inode *inode)
2066{
33132849 2067 struct inode_smack *isp = inode->i_security;
98738d70 2068 struct task_smack *tsp = smack_cred(new);
3a3b7ce9 2069
21c7eae2 2070 tsp->smk_forked = isp->smk_inode;
2f823ff8 2071 tsp->smk_task = tsp->smk_forked;
3a3b7ce9
DH		 2072 return 0;
2073}
2074
ecfcc53f
EB		 2075/**
2076 * smk_curacc_on_task - helper to log task related access
2077 * @p: the task object
531f1d45
CS		 2078 * @access: the access requested
2079 * @caller: name of the calling function for audit
ecfcc53f
EB		 2080 *
2081 * Return 0 if access is permitted
2082 */
531f1d45
CS		 2083static int smk_curacc_on_task(struct task_struct *p, int access,
2084 const char *caller)
ecfcc53f
EB		 2085{
2086 struct smk_audit_info ad;
6d1cff2a 2087 struct smack_known *skp = smk_of_task_struct(p);
d166c802 2088 int rc;
ecfcc53f 2089
531f1d45 2090 smk_ad_init(&ad, caller, LSM_AUDIT_DATA_TASK);
ecfcc53f 2091 smk_ad_setfield_u_tsk(&ad, p);
21c7eae2 2092 rc = smk_curacc(skp, access, &ad);
d166c802
CS		 2093 rc = smk_bu_task(p, access, rc);
2094 return rc;
ecfcc53f
EB		 2095}
2096
e114e473
CS		 2097/**
2098 * smack_task_setpgid - Smack check on setting pgid
2099 * @p: the task object
2100 * @pgid: unused
2101 *
2102 * Return 0 if write access is permitted
2103 */
2104static int smack_task_setpgid(struct task_struct *p, pid_t pgid)
2105{
531f1d45 2106 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2107}
2108
2109/**
2110 * smack_task_getpgid - Smack access check for getpgid
2111 * @p: the object task
2112 *
2113 * Returns 0 if current can read the object task, error code otherwise
2114 */
2115static int smack_task_getpgid(struct task_struct *p)
2116{
531f1d45 2117 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2118}
2119
2120/**
2121 * smack_task_getsid - Smack access check for getsid
2122 * @p: the object task
2123 *
2124 * Returns 0 if current can read the object task, error code otherwise
2125 */
2126static int smack_task_getsid(struct task_struct *p)
2127{
531f1d45 2128 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2129}
2130
2131/**
2132 * smack_task_getsecid - get the secid of the task
2133 * @p: the object task
2134 * @secid: where to put the result
2135 *
2136 * Sets the secid to contain a u32 version of the smack label.
2137 */
2138static void smack_task_getsecid(struct task_struct *p, u32 *secid)
2139{
6d1cff2a 2140 struct smack_known *skp = smk_of_task_struct(p);
2f823ff8
CS		 2141
2142 *secid = skp->smk_secid;
e114e473
CS		 2143}
2144
2145/**
2146 * smack_task_setnice - Smack check on setting nice
2147 * @p: the task object
2148 * @nice: unused
2149 *
2150 * Return 0 if write access is permitted
2151 */
2152static int smack_task_setnice(struct task_struct *p, int nice)
2153{
b1d9e6b0 2154 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2155}
2156
2157/**
2158 * smack_task_setioprio - Smack check on setting ioprio
2159 * @p: the task object
2160 * @ioprio: unused
2161 *
2162 * Return 0 if write access is permitted
2163 */
2164static int smack_task_setioprio(struct task_struct *p, int ioprio)
2165{
b1d9e6b0 2166 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2167}
2168
2169/**
2170 * smack_task_getioprio - Smack check on reading ioprio
2171 * @p: the task object
2172 *
2173 * Return 0 if read access is permitted
2174 */
2175static int smack_task_getioprio(struct task_struct *p)
2176{
531f1d45 2177 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2178}
2179
2180/**
2181 * smack_task_setscheduler - Smack check on setting scheduler
2182 * @p: the task object
2183 * @policy: unused
2184 * @lp: unused
2185 *
2186 * Return 0 if read access is permitted
2187 */
b0ae1981 2188static int smack_task_setscheduler(struct task_struct *p)
e114e473 2189{
b1d9e6b0 2190 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2191}
2192
2193/**
2194 * smack_task_getscheduler - Smack check on reading scheduler
2195 * @p: the task object
2196 *
2197 * Return 0 if read access is permitted
2198 */
2199static int smack_task_getscheduler(struct task_struct *p)
2200{
531f1d45 2201 return smk_curacc_on_task(p, MAY_READ, __func__);
e114e473
CS		 2202}
2203
2204/**
2205 * smack_task_movememory - Smack check on moving memory
2206 * @p: the task object
2207 *
2208 * Return 0 if write access is permitted
2209 */
2210static int smack_task_movememory(struct task_struct *p)
2211{
531f1d45 2212 return smk_curacc_on_task(p, MAY_WRITE, __func__);
e114e473
CS		 2213}
2214
2215/**
2216 * smack_task_kill - Smack check on signal delivery
2217 * @p: the task object
2218 * @info: unused
2219 * @sig: unused
2220 * @secid: identifies the smack to use in lieu of current's
2221 *
2222 * Return 0 if write access is permitted
2223 *
2224 * The secid behavior is an artifact of an SELinux hack
2225 * in the USB code. Someday it may go away.
2226 */
2227static int smack_task_kill(struct task_struct *p, struct siginfo *info,
2228 int sig, u32 secid)
2229{
ecfcc53f 2230 struct smk_audit_info ad;
2f823ff8 2231 struct smack_known *skp;
6d1cff2a 2232 struct smack_known *tkp = smk_of_task_struct(p);
d166c802 2233 int rc;
ecfcc53f 2234
18d872f7
RK		 2235 if (!sig)
2236 return 0; /* null signal; existence test */
2237
ecfcc53f
EB		 2238 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_TASK);
2239 smk_ad_setfield_u_tsk(&ad, p);
e114e473
CS		 2240 /*
2241 * Sending a signal requires that the sender
2242 * can write the receiver.
2243 */
d166c802 2244 if (secid == 0) {
c60b9066
CS		 2245 rc = smk_curacc(tkp, MAY_DELIVER, &ad);
2246 rc = smk_bu_task(p, MAY_DELIVER, rc);
d166c802
CS		 2247 return rc;
2248 }
e114e473
CS		 2249 /*
2250 * If the secid isn't 0 we're dealing with some USB IO
2251 * specific behavior. This is not clean. For one thing
2252 * we can't take privilege into account.
2253 */
2f823ff8 2254 skp = smack_from_secid(secid);
c60b9066
CS		 2255 rc = smk_access(skp, tkp, MAY_DELIVER, &ad);
2256 rc = smk_bu_note("USB signal", skp, tkp, MAY_DELIVER, rc);
d166c802 2257 return rc;
e114e473
CS		 2258}
2259
e114e473
CS		 2260/**
2261 * smack_task_to_inode - copy task smack into the inode blob
2262 * @p: task to copy from
251a2a95 2263 * @inode: inode to copy to
e114e473
CS		 2264 *
2265 * Sets the smack pointer in the inode security blob
2266 */
2267static void smack_task_to_inode(struct task_struct *p, struct inode *inode)
2268{
33132849 2269 struct inode_smack *isp = inode->i_security;
6d1cff2a 2270 struct smack_known *skp = smk_of_task_struct(p);
2f823ff8 2271
21c7eae2 2272 isp->smk_inode = skp;
e114e473
CS		 2273}
2274
2275/*
2276 * Socket hooks.
2277 */
2278
2279/**
2280 * smack_sk_alloc_security - Allocate a socket blob
2281 * @sk: the socket
2282 * @family: unused
251a2a95 2283 * @gfp_flags: memory allocation flags
e114e473
CS		 2284 *
2285 * Assign Smack pointers to current
2286 *
2287 * Returns 0 on success, -ENOMEM is there's no memory
2288 */
2289static int smack_sk_alloc_security(struct sock *sk, int family, gfp_t gfp_flags)
2290{
2f823ff8 2291 struct smack_known *skp = smk_of_current();
33132849
JS		 2292 struct socket_smack *ssp;
2293
2294 ssp = kzalloc(sizeof(struct socket_smack), gfp_flags);
2295 if (ssp == NULL)
2296 return -ENOMEM;
e114e473 2297
08382c9f 2298 /*
2299 * Sockets created by kernel threads receive web label.
2300 */
2301 if (unlikely(current->flags & PF_KTHREAD)) {
2302 ssp->smk_in = &smack_known_web;
2303 ssp->smk_out = &smack_known_web;
2304 } else {
2305 ssp->smk_in = skp;
2306 ssp->smk_out = skp;
2307 }
272cd7a8 2308 ssp->smk_packet = NULL;
e114e473 2309
33132849
JS		 2310 sk->sk_security = ssp;
2311
e114e473
CS		 2312 return 0;
2313}
2314
2315/**
2316 * smack_sk_free_security - Free a socket blob
2317 * @sk: the socket
2318 *
2319 * Clears the blob pointer
2320 */
2321static void smack_sk_free_security(struct sock *sk)
2322{
33132849 2323#ifdef SMACK_IPV6_PORT_LABELING
0c96d1f5
VG		 2324 struct smk_port_label *spp;
2325
2326 if (sk->sk_family == PF_INET6) {
2327 rcu_read_lock();
2328 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
2329 if (spp->smk_sock != sk)
2330 continue;
2331 spp->smk_can_reuse = 1;
2332 break;
2333 }
2334 rcu_read_unlock();
2335 }
ac8f82a0 2336#endif
33132849
JS		 2337 kfree(sk->sk_security);
2338}
e114e473 2339
07feee8f 2340/**
21abb1ec 2341* smack_ipv4host_label - check host based restrictions
07feee8f
PM		 2342* @sip: the object end
2343*
2344* looks for host based access restrictions
2345*
2346* This version will only be appropriate for really small sets of single label
2347* hosts. The caller is responsible for ensuring that the RCU read lock is
2348* taken before calling this function.
2349*
2350* Returns the label of the far end or NULL if it's not special.
2351*/
21abb1ec 2352static struct smack_known *smack_ipv4host_label(struct sockaddr_in *sip)
07feee8f 2353{
21abb1ec 2354 struct smk_net4addr *snp;
07feee8f
PM		 2355 struct in_addr *siap = &sip->sin_addr;
2356
2357 if (siap->s_addr == 0)
2358 return NULL;
2359
21abb1ec
CS		 2360 list_for_each_entry_rcu(snp, &smk_net4addr_list, list)
2361 /*
2362 * we break after finding the first match because
2363 * the list is sorted from longest to shortest mask
2364 * so we have found the most specific match
2365 */
2366 if (snp->smk_host.s_addr ==
2367 (siap->s_addr & snp->smk_mask.s_addr))
2368 return snp->smk_label;
2369
2370 return NULL;
2371}
2372
2373#if IS_ENABLED(CONFIG_IPV6)
2374/*
2375 * smk_ipv6_localhost - Check for local ipv6 host address
2376 * @sip: the address
2377 *
2378 * Returns boolean true if this is the localhost address
2379 */
2380static bool smk_ipv6_localhost(struct sockaddr_in6 *sip)
2381{
2382 __be16 *be16p = (__be16 *)&sip->sin6_addr;
2383 __be32 *be32p = (__be32 *)&sip->sin6_addr;
2384
2385 if (be32p[0] == 0 && be32p[1] == 0 && be32p[2] == 0 && be16p[6] == 0 &&
2386 ntohs(be16p[7]) == 1)
2387 return true;
2388 return false;
2389}
2390
2391/**
2392* smack_ipv6host_label - check host based restrictions
2393* @sip: the object end
2394*
2395* looks for host based access restrictions
2396*
2397* This version will only be appropriate for really small sets of single label
2398* hosts. The caller is responsible for ensuring that the RCU read lock is
2399* taken before calling this function.
2400*
2401* Returns the label of the far end or NULL if it's not special.
2402*/
2403static struct smack_known *smack_ipv6host_label(struct sockaddr_in6 *sip)
2404{
2405 struct smk_net6addr *snp;
2406 struct in6_addr *sap = &sip->sin6_addr;
2407 int i;
2408 int found = 0;
2409
2410 /*
2411 * It's local. Don't look for a host label.
2412 */
2413 if (smk_ipv6_localhost(sip))
2414 return NULL;
2415
2416 list_for_each_entry_rcu(snp, &smk_net6addr_list, list) {
2e4939f7
CS		 2417 /*
2418 * If the label is NULL the entry has
2419 * been renounced. Ignore it.
2420 */
2421 if (snp->smk_label == NULL)
2422 continue;
07feee8f
PM		 2423 /*
2424 * we break after finding the first match because
2425 * the list is sorted from longest to shortest mask
2426 * so we have found the most specific match
2427 */
21abb1ec 2428 for (found = 1, i = 0; i < 8; i++) {
21abb1ec
CS		 2429 if ((sap->s6_addr16[i] & snp->smk_mask.s6_addr16[i]) !=
2430 snp->smk_host.s6_addr16[i]) {
2431 found = 0;
2432 break;
2433 }
4303154e 2434 }
21abb1ec
CS		 2435 if (found)
2436 return snp->smk_label;
2437 }
07feee8f
PM		 2438
2439 return NULL;
2440}
21abb1ec 2441#endif /* CONFIG_IPV6 */
07feee8f 2442
e114e473
CS		 2443/**
2444 * smack_netlabel - Set the secattr on a socket
2445 * @sk: the socket
6d3dc07c 2446 * @labeled: socket label scheme
e114e473
CS		 2447 *
2448 * Convert the outbound smack value (smk_out) to a
2449 * secattr and attach it to the socket.
2450 *
2451 * Returns 0 on success or an error code
2452 */
6d3dc07c 2453static int smack_netlabel(struct sock *sk, int labeled)
e114e473 2454{
f7112e6c 2455 struct smack_known *skp;
33132849 2456 struct socket_smack *ssp = sk->sk_security;
6d3dc07c 2457 int rc = 0;
e114e473 2458
6d3dc07c
CS		 2459 /*
2460 * Usually the netlabel code will handle changing the
2461 * packet labeling based on the label.
2462 * The case of a single label host is different, because
2463 * a single label host should never get a labeled packet
2464 * even though the label is usually associated with a packet
2465 * label.
2466 */
2467 local_bh_disable();
2468 bh_lock_sock_nested(sk);
2469
2470 if (ssp->smk_out == smack_net_ambient ||
2471 labeled == SMACK_UNLABELED_SOCKET)
2472 netlbl_sock_delattr(sk);
2473 else {
2f823ff8 2474 skp = ssp->smk_out;
f7112e6c 2475 rc = netlbl_sock_setattr(sk, sk->sk_family, &skp->smk_netlabel);
6d3dc07c
CS		 2476 }
2477
2478 bh_unlock_sock(sk);
2479 local_bh_enable();
4bc87e62 2480
e114e473
CS		 2481 return rc;
2482}
2483
07feee8f
PM		 2484/**
2485 * smack_netlbel_send - Set the secattr on a socket and perform access checks
2486 * @sk: the socket
2487 * @sap: the destination address
2488 *
2489 * Set the correct secattr for the given socket based on the destination
2490 * address and perform any outbound access checks needed.
2491 *
2492 * Returns 0 on success or an error code.
2493 *
2494 */
2495static int smack_netlabel_send(struct sock *sk, struct sockaddr_in *sap)
2496{
2f823ff8 2497 struct smack_known *skp;
07feee8f
PM		 2498 int rc;
2499 int sk_lbl;
21c7eae2 2500 struct smack_known *hkp;
33132849 2501 struct socket_smack *ssp = sk->sk_security;
ecfcc53f 2502 struct smk_audit_info ad;
07feee8f
PM		 2503
2504 rcu_read_lock();
21abb1ec 2505 hkp = smack_ipv4host_label(sap);
21c7eae2 2506 if (hkp != NULL) {
ecfcc53f 2507#ifdef CONFIG_AUDIT
923e9a13
KC		 2508 struct lsm_network_audit net;
2509
48c62af6
EP		 2510 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2511 ad.a.u.net->family = sap->sin_family;
2512 ad.a.u.net->dport = sap->sin_port;
2513 ad.a.u.net->v4info.daddr = sap->sin_addr.s_addr;
ecfcc53f 2514#endif
923e9a13 2515 sk_lbl = SMACK_UNLABELED_SOCKET;
2f823ff8 2516 skp = ssp->smk_out;
21c7eae2
LP		 2517 rc = smk_access(skp, hkp, MAY_WRITE, &ad);
2518 rc = smk_bu_note("IPv4 host check", skp, hkp, MAY_WRITE, rc);
07feee8f
PM		 2519 } else {
2520 sk_lbl = SMACK_CIPSO_SOCKET;
2521 rc = 0;
2522 }
2523 rcu_read_unlock();
2524 if (rc != 0)
2525 return rc;
2526
2527 return smack_netlabel(sk, sk_lbl);
2528}
2529
21abb1ec
CS		 2530#if IS_ENABLED(CONFIG_IPV6)
2531/**
2532 * smk_ipv6_check - check Smack access
2533 * @subject: subject Smack label
2534 * @object: object Smack label
2535 * @address: address
2536 * @act: the action being taken
2537 *
2538 * Check an IPv6 access
2539 */
2540static int smk_ipv6_check(struct smack_known *subject,
2541 struct smack_known *object,
2542 struct sockaddr_in6 *address, int act)
2543{
2544#ifdef CONFIG_AUDIT
2545 struct lsm_network_audit net;
2546#endif
2547 struct smk_audit_info ad;
2548 int rc;
2549
2550#ifdef CONFIG_AUDIT
2551 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
2552 ad.a.u.net->family = PF_INET6;
2553 ad.a.u.net->dport = ntohs(address->sin6_port);
2554 if (act == SMK_RECEIVING)
2555 ad.a.u.net->v6info.saddr = address->sin6_addr;
2556 else
2557 ad.a.u.net->v6info.daddr = address->sin6_addr;
2558#endif
2559 rc = smk_access(subject, object, MAY_WRITE, &ad);
2560 rc = smk_bu_note("IPv6 check", subject, object, MAY_WRITE, rc);
2561 return rc;
2562}
2563#endif /* CONFIG_IPV6 */
2564
2565#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2566/**
2567 * smk_ipv6_port_label - Smack port access table management
2568 * @sock: socket
2569 * @address: address
2570 *
2571 * Create or update the port list entry
2572 */
2573static void smk_ipv6_port_label(struct socket *sock, struct sockaddr *address)
2574{
2575 struct sock *sk = sock->sk;
2576 struct sockaddr_in6 *addr6;
33132849 2577 struct socket_smack *ssp = sock->sk->sk_security;
c6739443
CS		 2578 struct smk_port_label *spp;
2579 unsigned short port = 0;
2580
2581 if (address == NULL) {
2582 /*
2583 * This operation is changing the Smack information
2584 * on the bound socket. Take the changes to the port
2585 * as well.
2586 */
3c7ce342
VG		 2587 rcu_read_lock();
2588 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
c6739443
CS		 2589 if (sk != spp->smk_sock)
2590 continue;
2591 spp->smk_in = ssp->smk_in;
2592 spp->smk_out = ssp->smk_out;
3c7ce342 2593 rcu_read_unlock();
c6739443
CS		 2594 return;
2595 }
2596 /*
2597 * A NULL address is only used for updating existing
2598 * bound entries. If there isn't one, it's OK.
2599 */
3c7ce342 2600 rcu_read_unlock();
c6739443
CS		 2601 return;
2602 }
2603
2604 addr6 = (struct sockaddr_in6 *)address;
2605 port = ntohs(addr6->sin6_port);
2606 /*
2607 * This is a special case that is safely ignored.
2608 */
2609 if (port == 0)
2610 return;
2611
2612 /*
2613 * Look for an existing port list entry.
2614 * This is an indication that a port is getting reused.
2615 */
3c7ce342
VG		 2616 rcu_read_lock();
2617 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2618 if (spp->smk_port != port || spp->smk_sock_type != sock->type)
c6739443 2619 continue;
0c96d1f5
VG		 2620 if (spp->smk_can_reuse != 1) {
2621 rcu_read_unlock();
2622 return;
2623 }
c6739443
CS		 2624 spp->smk_port = port;
2625 spp->smk_sock = sk;
2626 spp->smk_in = ssp->smk_in;
2627 spp->smk_out = ssp->smk_out;
0c96d1f5 2628 spp->smk_can_reuse = 0;
3c7ce342 2629 rcu_read_unlock();
c6739443
CS		 2630 return;
2631 }
3c7ce342 2632 rcu_read_unlock();
c6739443
CS		 2633 /*
2634 * A new port entry is required.
2635 */
2636 spp = kzalloc(sizeof(*spp), GFP_KERNEL);
2637 if (spp == NULL)
2638 return;
2639
2640 spp->smk_port = port;
2641 spp->smk_sock = sk;
2642 spp->smk_in = ssp->smk_in;
2643 spp->smk_out = ssp->smk_out;
9d44c973 2644 spp->smk_sock_type = sock->type;
0c96d1f5 2645 spp->smk_can_reuse = 0;
c6739443 2646
3c7ce342
VG		 2647 mutex_lock(&smack_ipv6_lock);
2648 list_add_rcu(&spp->list, &smk_ipv6_port_list);
2649 mutex_unlock(&smack_ipv6_lock);
c6739443
CS		 2650 return;
2651}
2652
2653/**
2654 * smk_ipv6_port_check - check Smack port access
2655 * @sock: socket
2656 * @address: address
2657 *
2658 * Create or update the port list entry
2659 */
6ea06247 2660static int smk_ipv6_port_check(struct sock *sk, struct sockaddr_in6 *address,
c6739443
CS		 2661 int act)
2662{
c6739443 2663 struct smk_port_label *spp;
33132849 2664 struct socket_smack *ssp = sk->sk_security;
21abb1ec
CS		 2665 struct smack_known *skp = NULL;
2666 unsigned short port;
21c7eae2 2667 struct smack_known *object;
c6739443
CS		 2668
2669 if (act == SMK_RECEIVING) {
21abb1ec 2670 skp = smack_ipv6host_label(address);
21c7eae2 2671 object = ssp->smk_in;
c6739443 2672 } else {
2f823ff8 2673 skp = ssp->smk_out;
21abb1ec 2674 object = smack_ipv6host_label(address);
c6739443
CS		 2675 }
2676
2677 /*
21abb1ec 2678 * The other end is a single label host.
c6739443 2679 */
21abb1ec
CS		 2680 if (skp != NULL && object != NULL)
2681 return smk_ipv6_check(skp, object, address, act);
2682 if (skp == NULL)
2683 skp = smack_net_ambient;
2684 if (object == NULL)
2685 object = smack_net_ambient;
c6739443
CS		 2686
2687 /*
2688 * It's remote, so port lookup does no good.
2689 */
21abb1ec
CS		 2690 if (!smk_ipv6_localhost(address))
2691 return smk_ipv6_check(skp, object, address, act);
c6739443
CS		 2692
2693 /*
2694 * It's local so the send check has to have passed.
2695 */
21abb1ec
CS		 2696 if (act == SMK_RECEIVING)
2697 return 0;
c6739443 2698
21abb1ec 2699 port = ntohs(address->sin6_port);
3c7ce342
VG		 2700 rcu_read_lock();
2701 list_for_each_entry_rcu(spp, &smk_ipv6_port_list, list) {
9d44c973 2702 if (spp->smk_port != port || spp->smk_sock_type != sk->sk_type)
c6739443 2703 continue;
21c7eae2 2704 object = spp->smk_in;
c6739443 2705 if (act == SMK_CONNECTING)
54e70ec5 2706 ssp->smk_packet = spp->smk_out;
c6739443
CS		 2707 break;
2708 }
3c7ce342 2709 rcu_read_unlock();
c6739443 2710
21abb1ec 2711 return smk_ipv6_check(skp, object, address, act);
c6739443 2712}
21abb1ec 2713#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 2714
e114e473
CS		 2715/**
2716 * smack_inode_setsecurity - set smack xattrs
2717 * @inode: the object
2718 * @name: attribute name
2719 * @value: attribute value
2720 * @size: size of the attribute
2721 * @flags: unused
2722 *
2723 * Sets the named attribute in the appropriate blob
2724 *
2725 * Returns 0 on success, or an error code
2726 */
2727static int smack_inode_setsecurity(struct inode *inode, const char *name,
2728 const void *value, size_t size, int flags)
2729{
2f823ff8 2730 struct smack_known *skp;
33132849 2731 struct inode_smack *nsp = inode->i_security;
e114e473
CS		 2732 struct socket_smack *ssp;
2733 struct socket *sock;
4bc87e62 2734 int rc = 0;
e114e473 2735
f7112e6c 2736 if (value == NULL || size > SMK_LONGLABEL || size == 0)
5e9ab593 2737 return -EINVAL;
e114e473 2738
2f823ff8 2739 skp = smk_import_entry(value, size);
e774ad68
LP		 2740 if (IS_ERR(skp))
2741 return PTR_ERR(skp);
e114e473
CS		 2742
2743 if (strcmp(name, XATTR_SMACK_SUFFIX) == 0) {
21c7eae2 2744 nsp->smk_inode = skp;
ddd29ec6 2745 nsp->smk_flags |= SMK_INODE_INSTANT;
e114e473
CS		 2746 return 0;
2747 }
2748 /*
2749 * The rest of the Smack xattrs are only on sockets.
2750 */
2751 if (inode->i_sb->s_magic != SOCKFS_MAGIC)
2752 return -EOPNOTSUPP;
2753
2754 sock = SOCKET_I(inode);
2e1d146a 2755 if (sock == NULL || sock->sk == NULL)
e114e473
CS		 2756 return -EOPNOTSUPP;
2757
33132849 2758 ssp = sock->sk->sk_security;
e114e473
CS		 2759
2760 if (strcmp(name, XATTR_SMACK_IPIN) == 0)
54e70ec5 2761 ssp->smk_in = skp;
e114e473 2762 else if (strcmp(name, XATTR_SMACK_IPOUT) == 0) {
2f823ff8 2763 ssp->smk_out = skp;
c6739443 2764 if (sock->sk->sk_family == PF_INET) {
b4e0d5f0
CS		 2765 rc = smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2766 if (rc != 0)
2767 printk(KERN_WARNING
2768 "Smack: \"%s\" netlbl error %d.\n",
2769 __func__, -rc);
2770 }
e114e473
CS		 2771 } else
2772 return -EOPNOTSUPP;
2773
21abb1ec 2774#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2775 if (sock->sk->sk_family == PF_INET6)
2776 smk_ipv6_port_label(sock, NULL);
21abb1ec 2777#endif
c6739443 2778
e114e473
CS		 2779 return 0;
2780}
2781
2782/**
2783 * smack_socket_post_create - finish socket setup
2784 * @sock: the socket
2785 * @family: protocol family
2786 * @type: unused
2787 * @protocol: unused
2788 * @kern: unused
2789 *
2790 * Sets the netlabel information on the socket
2791 *
2792 * Returns 0 on success, and error code otherwise
2793 */
2794static int smack_socket_post_create(struct socket *sock, int family,
2795 int type, int protocol, int kern)
2796{
7412301b
ML		 2797 struct socket_smack *ssp;
2798
2799 if (sock->sk == NULL)
2800 return 0;
2801
2802 /*
2803 * Sockets created by kernel threads receive web label.
2804 */
2805 if (unlikely(current->flags & PF_KTHREAD)) {
33132849 2806 ssp = sock->sk->sk_security;
7412301b
ML		 2807 ssp->smk_in = &smack_known_web;
2808 ssp->smk_out = &smack_known_web;
2809 }
2810
2811 if (family != PF_INET)
e114e473
CS		 2812 return 0;
2813 /*
2814 * Set the outbound netlbl.
2815 */
6d3dc07c
CS		 2816 return smack_netlabel(sock->sk, SMACK_CIPSO_SOCKET);
2817}
2818
21abb1ec 2819#ifdef SMACK_IPV6_PORT_LABELING
c6739443
CS		 2820/**
2821 * smack_socket_bind - record port binding information.
2822 * @sock: the socket
2823 * @address: the port address
2824 * @addrlen: size of the address
2825 *
2826 * Records the label bound to a port.
2827 *
2828 * Returns 0
2829 */
2830static int smack_socket_bind(struct socket *sock, struct sockaddr *address,
2831 int addrlen)
2832{
2833 if (sock->sk != NULL && sock->sk->sk_family == PF_INET6)
2834 smk_ipv6_port_label(sock, address);
c6739443
CS		 2835 return 0;
2836}
21abb1ec 2837#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 2838
6d3dc07c
CS		 2839/**
2840 * smack_socket_connect - connect access check
2841 * @sock: the socket
2842 * @sap: the other end
2843 * @addrlen: size of sap
2844 *
2845 * Verifies that a connection may be possible
2846 *
2847 * Returns 0 on success, and error code otherwise
2848 */
2849static int smack_socket_connect(struct socket *sock, struct sockaddr *sap,
2850 int addrlen)
2851{
c6739443 2852 int rc = 0;
21abb1ec
CS		 2853#if IS_ENABLED(CONFIG_IPV6)
2854 struct sockaddr_in6 *sip = (struct sockaddr_in6 *)sap;
2855#endif
2856#ifdef SMACK_IPV6_SECMARK_LABELING
2857 struct smack_known *rsp;
33132849 2858 struct socket_smack *ssp = sock->sk->sk_security;
21abb1ec 2859#endif
c6739443
CS		 2860
2861 if (sock->sk == NULL)
6d3dc07c 2862 return 0;
6d3dc07c 2863
c6739443
CS		 2864 switch (sock->sk->sk_family) {
2865 case PF_INET:
2866 if (addrlen < sizeof(struct sockaddr_in))
2867 return -EINVAL;
2868 rc = smack_netlabel_send(sock->sk, (struct sockaddr_in *)sap);
2869 break;
2870 case PF_INET6:
2871 if (addrlen < sizeof(struct sockaddr_in6))
2872 return -EINVAL;
21abb1ec
CS		 2873#ifdef SMACK_IPV6_SECMARK_LABELING
2874 rsp = smack_ipv6host_label(sip);
2875 if (rsp != NULL)
2876 rc = smk_ipv6_check(ssp->smk_out, rsp, sip,
6ea06247 2877 SMK_CONNECTING);
21abb1ec
CS		 2878#endif
2879#ifdef SMACK_IPV6_PORT_LABELING
2880 rc = smk_ipv6_port_check(sock->sk, sip, SMK_CONNECTING);
2881#endif
c6739443
CS		 2882 break;
2883 }
2884 return rc;
e114e473
CS		 2885}
2886
2887/**
2888 * smack_flags_to_may - convert S_ to MAY_ values
2889 * @flags: the S_ value
2890 *
2891 * Returns the equivalent MAY_ value
2892 */
2893static int smack_flags_to_may(int flags)
2894{
2895 int may = 0;
2896
2897 if (flags & S_IRUGO)
2898 may |= MAY_READ;
2899 if (flags & S_IWUGO)
2900 may |= MAY_WRITE;
2901 if (flags & S_IXUGO)
2902 may |= MAY_EXEC;
2903
2904 return may;
2905}
2906
2907/**
2908 * smack_msg_msg_alloc_security - Set the security blob for msg_msg
2909 * @msg: the object
2910 *
2911 * Returns 0
2912 */
2913static int smack_msg_msg_alloc_security(struct msg_msg *msg)
2914{
33132849 2915 struct smack_known *skp = smk_of_current();
2f823ff8 2916
33132849 2917 msg->security = skp;
e114e473
CS		 2918 return 0;
2919}
2920
33132849
JS		 2921/**
2922 * smack_msg_msg_free_security - Clear the security blob for msg_msg
2923 * @msg: the object
2924 *
2925 * Clears the blob pointer
2926 */
2927static void smack_msg_msg_free_security(struct msg_msg *msg)
2928{
2929 msg->security = NULL;
2930}
2931
2932/**
2933 * smack_of_shm - the smack pointer for the shm
2934 * @shp: the object
2935 *
2936 * Returns a pointer to the smack value
2937 */
2938static struct smack_known *smack_of_shm(struct shmid_kernel *shp)
2939{
2940 return (struct smack_known *)shp->shm_perm.security;
2941}
2942
e114e473
CS		 2943/**
2944 * smack_shm_alloc_security - Set the security blob for shm
2945 * @shp: the object
2946 *
2947 * Returns 0
2948 */
2949static int smack_shm_alloc_security(struct shmid_kernel *shp)
2950{
33132849
JS		 2951 struct kern_ipc_perm *isp = &shp->shm_perm;
2952 struct smack_known *skp = smk_of_current();
e114e473 2953
33132849 2954 isp->security = skp;
e114e473
CS		 2955 return 0;
2956}
2957
33132849
JS		 2958/**
2959 * smack_shm_free_security - Clear the security blob for shm
2960 * @shp: the object
2961 *
2962 * Clears the blob pointer
2963 */
2964static void smack_shm_free_security(struct shmid_kernel *shp)
2965{
2966 struct kern_ipc_perm *isp = &shp->shm_perm;
2967
2968 isp->security = NULL;
2969}
2970
ecfcc53f
EB		 2971/**
2972 * smk_curacc_shm : check if current has access on shm
2973 * @shp : the object
2974 * @access : access requested
2975 *
2976 * Returns 0 if current has the requested access, error code otherwise
2977 */
2978static int smk_curacc_shm(struct shmid_kernel *shp, int access)
2979{
33132849 2980 struct smack_known *ssp = smack_of_shm(shp);
ecfcc53f 2981 struct smk_audit_info ad;
d166c802 2982 int rc;
ecfcc53f
EB		 2983
2984#ifdef CONFIG_AUDIT
2985 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
2986 ad.a.u.ipc_id = shp->shm_perm.id;
2987#endif
d166c802
CS		 2988 rc = smk_curacc(ssp, access, &ad);
2989 rc = smk_bu_current("shm", ssp, access, rc);
2990 return rc;
ecfcc53f
EB		 2991}
2992
e114e473
CS		 2993/**
2994 * smack_shm_associate - Smack access check for shm
2995 * @shp: the object
2996 * @shmflg: access requested
2997 *
2998 * Returns 0 if current has the requested access, error code otherwise
2999 */
3000static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
3001{
e114e473
CS		 3002 int may;
3003
3004 may = smack_flags_to_may(shmflg);
ecfcc53f 3005 return smk_curacc_shm(shp, may);
e114e473
CS		 3006}
3007
3008/**
3009 * smack_shm_shmctl - Smack access check for shm
3010 * @shp: the object
3011 * @cmd: what it wants to do
3012 *
3013 * Returns 0 if current has the requested access, error code otherwise
3014 */
3015static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
3016{
e114e473
CS		 3017 int may;
3018
3019 switch (cmd) {
3020 case IPC_STAT:
3021 case SHM_STAT:
3022 may = MAY_READ;
3023 break;
3024 case IPC_SET:
3025 case SHM_LOCK:
3026 case SHM_UNLOCK:
3027 case IPC_RMID:
3028 may = MAY_READWRITE;
3029 break;
3030 case IPC_INFO:
3031 case SHM_INFO:
3032 /*
3033 * System level information.
3034 */
3035 return 0;
3036 default:
3037 return -EINVAL;
3038 }
ecfcc53f 3039 return smk_curacc_shm(shp, may);
e114e473
CS		 3040}
3041
3042/**
3043 * smack_shm_shmat - Smack access for shmat
3044 * @shp: the object
3045 * @shmaddr: unused
3046 * @shmflg: access requested
3047 *
3048 * Returns 0 if current has the requested access, error code otherwise
3049 */
3050static int smack_shm_shmat(struct shmid_kernel *shp, char __user *shmaddr,
3051 int shmflg)
3052{
e114e473
CS		 3053 int may;
3054
3055 may = smack_flags_to_may(shmflg);
ecfcc53f 3056 return smk_curacc_shm(shp, may);
e114e473
CS		 3057}
3058
33132849
JS		 3059/**
3060 * smack_of_sem - the smack pointer for the sem
3061 * @sma: the object
3062 *
3063 * Returns a pointer to the smack value
3064 */
3065static struct smack_known *smack_of_sem(struct sem_array *sma)
3066{
3067 return (struct smack_known *)sma->sem_perm.security;
3068}
3069
e114e473
CS		 3070/**
3071 * smack_sem_alloc_security - Set the security blob for sem
3072 * @sma: the object
3073 *
3074 * Returns 0
3075 */
3076static int smack_sem_alloc_security(struct sem_array *sma)
3077{
33132849
JS		 3078 struct kern_ipc_perm *isp = &sma->sem_perm;
3079 struct smack_known *skp = smk_of_current();
e114e473 3080
33132849 3081 isp->security = skp;
e114e473
CS		 3082 return 0;
3083}
3084
33132849
JS		 3085/**
3086 * smack_sem_free_security - Clear the security blob for sem
3087 * @sma: the object
3088 *
3089 * Clears the blob pointer
3090 */
3091static void smack_sem_free_security(struct sem_array *sma)
3092{
3093 struct kern_ipc_perm *isp = &sma->sem_perm;
3094
3095 isp->security = NULL;
3096}
3097
ecfcc53f
EB		 3098/**
3099 * smk_curacc_sem : check if current has access on sem
3100 * @sma : the object
3101 * @access : access requested
3102 *
3103 * Returns 0 if current has the requested access, error code otherwise
3104 */
3105static int smk_curacc_sem(struct sem_array *sma, int access)
3106{
33132849 3107 struct smack_known *ssp = smack_of_sem(sma);
ecfcc53f 3108 struct smk_audit_info ad;
d166c802 3109 int rc;
ecfcc53f
EB		 3110
3111#ifdef CONFIG_AUDIT
3112 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3113 ad.a.u.ipc_id = sma->sem_perm.id;
3114#endif
d166c802
CS		 3115 rc = smk_curacc(ssp, access, &ad);
3116 rc = smk_bu_current("sem", ssp, access, rc);
3117 return rc;
ecfcc53f
EB		 3118}
3119
e114e473
CS		 3120/**
3121 * smack_sem_associate - Smack access check for sem
3122 * @sma: the object
3123 * @semflg: access requested
3124 *
3125 * Returns 0 if current has the requested access, error code otherwise
3126 */
3127static int smack_sem_associate(struct sem_array *sma, int semflg)
3128{
e114e473
CS		 3129 int may;
3130
3131 may = smack_flags_to_may(semflg);
ecfcc53f 3132 return smk_curacc_sem(sma, may);
e114e473
CS		 3133}
3134
3135/**
3136 * smack_sem_shmctl - Smack access check for sem
3137 * @sma: the object
3138 * @cmd: what it wants to do
3139 *
3140 * Returns 0 if current has the requested access, error code otherwise
3141 */
3142static int smack_sem_semctl(struct sem_array *sma, int cmd)
3143{
e114e473
CS		 3144 int may;
3145
3146 switch (cmd) {
3147 case GETPID:
3148 case GETNCNT:
3149 case GETZCNT:
3150 case GETVAL:
3151 case GETALL:
3152 case IPC_STAT:
3153 case SEM_STAT:
3154 may = MAY_READ;
3155 break;
3156 case SETVAL:
3157 case SETALL:
3158 case IPC_RMID:
3159 case IPC_SET:
3160 may = MAY_READWRITE;
3161 break;
3162 case IPC_INFO:
3163 case SEM_INFO:
3164 /*
3165 * System level information
3166 */
3167 return 0;
3168 default:
3169 return -EINVAL;
3170 }
3171
ecfcc53f 3172 return smk_curacc_sem(sma, may);
e114e473
CS		 3173}
3174
3175/**
3176 * smack_sem_semop - Smack checks of semaphore operations
3177 * @sma: the object
3178 * @sops: unused
3179 * @nsops: unused
3180 * @alter: unused
3181 *
3182 * Treated as read and write in all cases.
3183 *
3184 * Returns 0 if access is allowed, error code otherwise
3185 */
3186static int smack_sem_semop(struct sem_array *sma, struct sembuf *sops,
3187 unsigned nsops, int alter)
3188{
ecfcc53f 3189 return smk_curacc_sem(sma, MAY_READWRITE);
e114e473
CS		 3190}
3191
3192/**
33132849 3193 * smack_msg_alloc_security - Set the security blob for msg
e114e473
CS		 3194 * @msq: the object
3195 *
3196 * Returns 0
3197 */
3198static int smack_msg_queue_alloc_security(struct msg_queue *msq)
3199{
33132849
JS		 3200 struct kern_ipc_perm *kisp = &msq->q_perm;
3201 struct smack_known *skp = smk_of_current();
e114e473 3202
33132849 3203 kisp->security = skp;
e114e473
CS		 3204 return 0;
3205}
3206
33132849
JS		 3207/**
3208 * smack_msg_free_security - Clear the security blob for msg
3209 * @msq: the object
3210 *
3211 * Clears the blob pointer
3212 */
3213static void smack_msg_queue_free_security(struct msg_queue *msq)
3214{
3215 struct kern_ipc_perm *kisp = &msq->q_perm;
3216
3217 kisp->security = NULL;
3218}
3219
3220/**
3221 * smack_of_msq - the smack pointer for the msq
3222 * @msq: the object
3223 *
3224 * Returns a pointer to the smack label entry
3225 */
3226static struct smack_known *smack_of_msq(struct msg_queue *msq)
3227{
3228 return (struct smack_known *)msq->q_perm.security;
3229}
3230
ecfcc53f
EB		 3231/**
3232 * smk_curacc_msq : helper to check if current has access on msq
3233 * @msq : the msq
3234 * @access : access requested
3235 *
3236 * return 0 if current has access, error otherwise
3237 */
3238static int smk_curacc_msq(struct msg_queue *msq, int access)
3239{
33132849 3240 struct smack_known *msp = smack_of_msq(msq);
ecfcc53f 3241 struct smk_audit_info ad;
d166c802 3242 int rc;
ecfcc53f
EB		 3243
3244#ifdef CONFIG_AUDIT
3245 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3246 ad.a.u.ipc_id = msq->q_perm.id;
3247#endif
d166c802
CS		 3248 rc = smk_curacc(msp, access, &ad);
3249 rc = smk_bu_current("msq", msp, access, rc);
3250 return rc;
ecfcc53f
EB		 3251}
3252
e114e473
CS		 3253/**
3254 * smack_msg_queue_associate - Smack access check for msg_queue
3255 * @msq: the object
3256 * @msqflg: access requested
3257 *
3258 * Returns 0 if current has the requested access, error code otherwise
3259 */
3260static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
3261{
e114e473
CS		 3262 int may;
3263
3264 may = smack_flags_to_may(msqflg);
ecfcc53f 3265 return smk_curacc_msq(msq, may);
e114e473
CS		 3266}
3267
3268/**
3269 * smack_msg_queue_msgctl - Smack access check for msg_queue
3270 * @msq: the object
3271 * @cmd: what it wants to do
3272 *
3273 * Returns 0 if current has the requested access, error code otherwise
3274 */
3275static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
3276{
e114e473
CS		 3277 int may;
3278
3279 switch (cmd) {
3280 case IPC_STAT:
3281 case MSG_STAT:
3282 may = MAY_READ;
3283 break;
3284 case IPC_SET:
3285 case IPC_RMID:
3286 may = MAY_READWRITE;
3287 break;
3288 case IPC_INFO:
3289 case MSG_INFO:
3290 /*
3291 * System level information
3292 */
3293 return 0;
3294 default:
3295 return -EINVAL;
3296 }
3297
ecfcc53f 3298 return smk_curacc_msq(msq, may);
e114e473
CS		 3299}
3300
3301/**
3302 * smack_msg_queue_msgsnd - Smack access check for msg_queue
3303 * @msq: the object
3304 * @msg: unused
3305 * @msqflg: access requested
3306 *
3307 * Returns 0 if current has the requested access, error code otherwise
3308 */
3309static int smack_msg_queue_msgsnd(struct msg_queue *msq, struct msg_msg *msg,
3310 int msqflg)
3311{
ecfcc53f 3312 int may;
e114e473 3313
ecfcc53f
EB		 3314 may = smack_flags_to_may(msqflg);
3315 return smk_curacc_msq(msq, may);
e114e473
CS		 3316}
3317
3318/**
3319 * smack_msg_queue_msgsnd - Smack access check for msg_queue
3320 * @msq: the object
3321 * @msg: unused
3322 * @target: unused
3323 * @type: unused
3324 * @mode: unused
3325 *
3326 * Returns 0 if current has read and write access, error code otherwise
3327 */
3328static int smack_msg_queue_msgrcv(struct msg_queue *msq, struct msg_msg *msg,
3329 struct task_struct *target, long type, int mode)
3330{
ecfcc53f 3331 return smk_curacc_msq(msq, MAY_READWRITE);
e114e473
CS		 3332}
3333
3334/**
3335 * smack_ipc_permission - Smack access for ipc_permission()
3336 * @ipp: the object permissions
3337 * @flag: access requested
3338 *
3339 * Returns 0 if current has read and write access, error code otherwise
3340 */
3341static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
3342{
33132849 3343 struct smack_known *iskp = ipp->security;
ecfcc53f
EB		 3344 int may = smack_flags_to_may(flag);
3345 struct smk_audit_info ad;
d166c802 3346 int rc;
e114e473 3347
ecfcc53f
EB		 3348#ifdef CONFIG_AUDIT
3349 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_IPC);
3350 ad.a.u.ipc_id = ipp->id;
3351#endif
21c7eae2
LP		 3352 rc = smk_curacc(iskp, may, &ad);
3353 rc = smk_bu_current("svipc", iskp, may, rc);
d166c802 3354 return rc;
e114e473
CS		 3355}
3356
d20bdda6
AD		 3357/**
3358 * smack_ipc_getsecid - Extract smack security id
251a2a95 3359 * @ipp: the object permissions
d20bdda6
AD		 3360 * @secid: where result will be saved
3361 */
3362static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
3363{
33132849 3364 struct smack_known *iskp = ipp->security;
d20bdda6 3365
21c7eae2 3366 *secid = iskp->smk_secid;
d20bdda6
AD		 3367}
3368
e114e473
CS		 3369/**
3370 * smack_d_instantiate - Make sure the blob is correct on an inode
3e62cbb8 3371 * @opt_dentry: dentry where inode will be attached
e114e473
CS		 3372 * @inode: the object
3373 *
3374 * Set the inode's security blob if it hasn't been done already.
3375 */
3376static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
3377{
3378 struct super_block *sbp;
3379 struct superblock_smack *sbsp;
3380 struct inode_smack *isp;
2f823ff8
CS		 3381 struct smack_known *skp;
3382 struct smack_known *ckp = smk_of_current();
21c7eae2 3383 struct smack_known *final;
5c6d1125
JS		 3384 char trattr[TRANS_TRUE_SIZE];
3385 int transflag = 0;
2267b13a 3386 int rc;
e114e473
CS		 3387 struct dentry *dp;
3388
3389 if (inode == NULL)
3390 return;
3391
33132849 3392 isp = inode->i_security;
e114e473
CS		 3393
3394 mutex_lock(&isp->smk_lock);
3395 /*
3396 * If the inode is already instantiated
3397 * take the quick way out
3398 */
3399 if (isp->smk_flags & SMK_INODE_INSTANT)
3400 goto unlockandout;
3401
3402 sbp = inode->i_sb;
33132849 3403 sbsp = sbp->s_security;
e114e473
CS		 3404 /*
3405 * We're going to use the superblock default label
3406 * if there's no label on the file.
3407 */
3408 final = sbsp->smk_default;
3409
e97dcb0e
CS		 3410 /*
3411 * If this is the root inode the superblock
3412 * may be in the process of initialization.
3413 * If that is the case use the root value out
3414 * of the superblock.
3415 */
3416 if (opt_dentry->d_parent == opt_dentry) {
1d8c2326
ŁS		 3417 switch (sbp->s_magic) {
3418 case CGROUP_SUPER_MAGIC:
36ea735b
CS		 3419 /*
3420 * The cgroup filesystem is never mounted,
3421 * so there's no opportunity to set the mount
3422 * options.
3423 */
21c7eae2
LP		 3424 sbsp->smk_root = &smack_known_star;
3425 sbsp->smk_default = &smack_known_star;
1d8c2326
ŁS		 3426 isp->smk_inode = sbsp->smk_root;
3427 break;
3428 case TMPFS_MAGIC:
3429 /*
3430 * What about shmem/tmpfs anonymous files with dentry
3431 * obtained from d_alloc_pseudo()?
3432 */
3433 isp->smk_inode = smk_of_current();
3434 break;
8da4aba5
RK		 3435 case PIPEFS_MAGIC:
3436 isp->smk_inode = smk_of_current();
3437 break;
805b65a8
RK		 3438 case SOCKFS_MAGIC:
3439 /*
3440 * Socket access is controlled by the socket
3441 * structures associated with the task involved.
3442 */
3443 isp->smk_inode = &smack_known_star;
3444 break;
1d8c2326
ŁS		 3445 default:
3446 isp->smk_inode = sbsp->smk_root;
3447 break;
36ea735b 3448 }
e97dcb0e
CS		 3449 isp->smk_flags |= SMK_INODE_INSTANT;
3450 goto unlockandout;
3451 }
3452
e114e473
CS		 3453 /*
3454 * This is pretty hackish.
3455 * Casey says that we shouldn't have to do
3456 * file system specific code, but it does help
3457 * with keeping it simple.
3458 */
3459 switch (sbp->s_magic) {
3460 case SMACK_MAGIC:
36ea735b 3461 case CGROUP_SUPER_MAGIC:
e114e473 3462 /*
25985edc 3463 * Casey says that it's a little embarrassing
e114e473
CS		 3464 * that the smack file system doesn't do
3465 * extended attributes.
36ea735b 3466 *
36ea735b 3467 * Cgroupfs is special
e114e473 3468 */
21c7eae2 3469 final = &smack_known_star;
e114e473
CS		 3470 break;
3471 case DEVPTS_SUPER_MAGIC:
3472 /*
3473 * devpts seems content with the label of the task.
3474 * Programs that change smack have to treat the
3475 * pty with respect.
3476 */
21c7eae2 3477 final = ckp;
e114e473 3478 break;
e114e473
CS		 3479 case PROC_SUPER_MAGIC:
3480 /*
3481 * Casey says procfs appears not to care.
3482 * The superblock default suffices.
3483 */
3484 break;
3485 case TMPFS_MAGIC:
3486 /*
3487 * Device labels should come from the filesystem,
3488 * but watch out, because they're volitile,
3489 * getting recreated on every reboot.
3490 */
21c7eae2 3491 final = &smack_known_star;
e114e473
CS		 3492 /*
3493 * No break.
3494 *
3495 * If a smack value has been set we want to use it,
3496 * but since tmpfs isn't giving us the opportunity
3497 * to set mount options simulate setting the
3498 * superblock default.
3499 */
3500 default:
3501 /*
3502 * This isn't an understood special case.
3503 * Get the value from the xattr.
b4e0d5f0
CS		 3504 */
3505
3506 /*
3507 * UNIX domain sockets use lower level socket data.
3508 */
3509 if (S_ISSOCK(inode->i_mode)) {
21c7eae2 3510 final = &smack_known_star;
b4e0d5f0
CS		 3511 break;
3512 }
3513 /*
e114e473
CS		 3514 * No xattr support means, alas, no SMACK label.
3515 * Use the aforeapplied default.
3516 * It would be curious if the label of the task
3517 * does not match that assigned.
3518 */
5d6c3191
AG		 3519 if (!(inode->i_opflags & IOP_XATTR))
3520 break;
e114e473
CS		 3521 /*
3522 * Get the dentry for xattr.
3523 */
3e62cbb8 3524 dp = dget(opt_dentry);
2f823ff8 3525 skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
e774ad68 3526 if (!IS_ERR_OR_NULL(skp))
21c7eae2 3527 final = skp;
2267b13a
CS		 3528
3529 /*
3530 * Transmuting directory
3531 */
3532 if (S_ISDIR(inode->i_mode)) {
3533 /*
3534 * If this is a new directory and the label was
3535 * transmuted when the inode was initialized
3536 * set the transmute attribute on the directory
3537 * and mark the inode.
3538 *
3539 * If there is a transmute attribute on the
3540 * directory mark the inode.
3541 */
3542 if (isp->smk_flags & SMK_INODE_CHANGED) {
3543 isp->smk_flags &= ~SMK_INODE_CHANGED;
5d6c3191 3544 rc = __vfs_setxattr(dp, inode,
5c6d1125 3545 XATTR_NAME_SMACKTRANSMUTE,
2267b13a
CS		 3546 TRANS_TRUE, TRANS_TRUE_SIZE,
3547 0);
3548 } else {
5d6c3191 3549 rc = __vfs_getxattr(dp, inode,
2267b13a
CS		 3550 XATTR_NAME_SMACKTRANSMUTE, trattr,
3551 TRANS_TRUE_SIZE);
3552 if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
3553 TRANS_TRUE_SIZE) != 0)
3554 rc = -EINVAL;
5c6d1125 3555 }
2267b13a
CS		 3556 if (rc >= 0)
3557 transflag = SMK_INODE_TRANSMUTE;
5c6d1125 3558 }
809c02e0
SF		 3559 /*
3560 * Don't let the exec or mmap label be "*" or "@".
3561 */
3562 skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
3563 if (IS_ERR(skp) || skp == &smack_known_star ||
3564 skp == &smack_known_web)
3565 skp = NULL;
3566 isp->smk_task = skp;
e774ad68 3567
19760ad0 3568 skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
e774ad68
LP		 3569 if (IS_ERR(skp) || skp == &smack_known_star ||
3570 skp == &smack_known_web)
19760ad0
CS		 3571 skp = NULL;
3572 isp->smk_mmap = skp;
676dac4b 3573
e114e473
CS		 3574 dput(dp);
3575 break;
3576 }
3577
3578 if (final == NULL)
21c7eae2 3579 isp->smk_inode = ckp;
e114e473
CS		 3580 else
3581 isp->smk_inode = final;
3582
5c6d1125 3583 isp->smk_flags |= (SMK_INODE_INSTANT | transflag);
e114e473
CS		 3584
3585unlockandout:
3586 mutex_unlock(&isp->smk_lock);
3587 return;
3588}
3589
3590/**
3591 * smack_getprocattr - Smack process attribute access
3592 * @p: the object task
3593 * @name: the name of the attribute in /proc/.../attr
3594 * @value: where to put the result
3595 *
3596 * Places a copy of the task Smack into value
3597 *
3598 * Returns the length of the smack label or an error code
3599 */
3600static int smack_getprocattr(struct task_struct *p, char *name, char **value)
3601{
6d1cff2a 3602 struct smack_known *skp = smk_of_task_struct(p);
e114e473 3603 char *cp;
e114e473 3604
a3c3cde2
CS		 3605 if (strcmp(name, "current") == 0) {
3606 cp = kstrdup(skp->smk_known, GFP_KERNEL);
3607 if (cp == NULL)
3608 return -ENOMEM;
3609 } else if (strcmp(name, "context") == 0) {
3610 cp = kasprintf(GFP_KERNEL, "smack='%s'", skp->smk_known);
3611 if (cp == NULL)
3612 return -ENOMEM;
3613 } else
e114e473
CS		 3614 return -EINVAL;
3615
e114e473 3616 *value = cp;
a3c3cde2 3617 return strlen(cp);
e114e473
CS		 3618}
3619
3620/**
3621 * smack_setprocattr - Smack process attribute setting
e114e473
CS		 3622 * @name: the name of the attribute in /proc/.../attr
3623 * @value: the value to set
3624 * @size: the size of the value
3625 *
3626 * Sets the Smack value of the task. Only setting self
3627 * is permitted and only with privilege
3628 *
3629 * Returns the length of the smack label or an error code
3630 */
b21507e2 3631static int smack_setprocattr(const char *name, void *value, size_t size)
e114e473 3632{
98738d70 3633 struct task_smack *tsp = smack_cred(current_cred());
d84f4f99 3634 struct cred *new;
2f823ff8 3635 struct smack_known *skp;
38416e53
ZJ		 3636 struct smack_known_list_elem *sklep;
3637 int rc;
e114e473 3638
38416e53 3639 if (!smack_privileged(CAP_MAC_ADMIN) && list_empty(&tsp->smk_relabel))
5cd9c58f
DH		 3640 return -EPERM;
3641
f7112e6c 3642 if (value == NULL || size == 0 || size >= SMK_LONGLABEL)
e114e473
CS		 3643 return -EINVAL;
3644
a3c3cde2 3645 if (strcmp(name, "current") != 0 && strcmp(name, "context") != 0)
e114e473
CS		 3646 return -EINVAL;
3647
2f823ff8 3648 skp = smk_import_entry(value, size);
e774ad68
LP		 3649 if (IS_ERR(skp))
3650 return PTR_ERR(skp);
e114e473 3651
6d3dc07c 3652 /*
7128ea15
HS		 3653 * No process is ever allowed the web ("@") label
3654 * and the star ("*") label.
6d3dc07c 3655 */
7128ea15
HS		 3656 if (skp == &smack_known_web || skp == &smack_known_star)
3657 return -EINVAL;
6d3dc07c 3658
38416e53
ZJ		 3659 if (!smack_privileged(CAP_MAC_ADMIN)) {
3660 rc = -EPERM;
3661 list_for_each_entry(sklep, &tsp->smk_relabel, list)
3662 if (sklep->smk_label == skp) {
3663 rc = 0;
3664 break;
3665 }
3666 if (rc)
3667 return rc;
3668 }
3669
d84f4f99 3670 new = prepare_creds();
6d3dc07c 3671 if (new == NULL)
d84f4f99 3672 return -ENOMEM;
7898e1f8 3673
98738d70 3674 tsp = smack_cred(new);
2f823ff8 3675 tsp->smk_task = skp;
38416e53
ZJ		 3676 /*
3677 * process can change its label only once
3678 */
3679 smk_destroy_label_list(&tsp->smk_relabel);
7898e1f8 3680
d84f4f99 3681 commit_creds(new);
e114e473
CS		 3682 return size;
3683}
3684
3685/**
3686 * smack_unix_stream_connect - Smack access on UDS
3610cda5
DM		 3687 * @sock: one sock
3688 * @other: the other sock
e114e473
CS		 3689 * @newsk: unused
3690 *
3691 * Return 0 if a subject with the smack of sock could access
3692 * an object with the smack of other, otherwise an error code
3693 */
3610cda5
DM		 3694static int smack_unix_stream_connect(struct sock *sock,
3695 struct sock *other, struct sock *newsk)
e114e473 3696{
2f823ff8 3697 struct smack_known *skp;
54e70ec5 3698 struct smack_known *okp;
33132849
JS		 3699 struct socket_smack *ssp = sock->sk_security;
3700 struct socket_smack *osp = other->sk_security;
3701 struct socket_smack *nsp = newsk->sk_security;
ecfcc53f 3702 struct smk_audit_info ad;
b4e0d5f0 3703 int rc = 0;
923e9a13
KC		 3704#ifdef CONFIG_AUDIT
3705 struct lsm_network_audit net;
923e9a13 3706#endif
b4e0d5f0 3707
2f823ff8
CS		 3708 if (!smack_privileged(CAP_MAC_OVERRIDE)) {
3709 skp = ssp->smk_out;
96be7b54 3710 okp = osp->smk_in;
54e70ec5
CS		 3711#ifdef CONFIG_AUDIT
3712 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3713 smk_ad_setfield_u_net_sk(&ad, other);
3714#endif
21c7eae2
LP		 3715 rc = smk_access(skp, okp, MAY_WRITE, &ad);
3716 rc = smk_bu_note("UDS connect", skp, okp, MAY_WRITE, rc);
d166c802 3717 if (rc == 0) {
96be7b54
ZJ		 3718 okp = osp->smk_out;
3719 skp = ssp->smk_in;
138a868f 3720 rc = smk_access(okp, skp, MAY_WRITE, &ad);
21c7eae2 3721 rc = smk_bu_note("UDS connect", okp, skp,
d166c802
CS		 3722 MAY_WRITE, rc);
3723 }
2f823ff8 3724 }
b4e0d5f0 3725
975d5e55
CS		 3726 /*
3727 * Cross reference the peer labels for SO_PEERSEC.
3728 */
3729 if (rc == 0) {
54e70ec5
CS		 3730 nsp->smk_packet = ssp->smk_out;
3731 ssp->smk_packet = osp->smk_out;
975d5e55
CS		 3732 }
3733
b4e0d5f0 3734 return rc;
e114e473
CS		 3735}
3736
3737/**
3738 * smack_unix_may_send - Smack access on UDS
3739 * @sock: one socket
3740 * @other: the other socket
3741 *
3742 * Return 0 if a subject with the smack of sock could access
3743 * an object with the smack of other, otherwise an error code
3744 */
3745static int smack_unix_may_send(struct socket *sock, struct socket *other)
3746{
33132849
JS		 3747 struct socket_smack *ssp = sock->sk->sk_security;
3748 struct socket_smack *osp = other->sk->sk_security;
ecfcc53f 3749 struct smk_audit_info ad;
d166c802 3750 int rc;
e114e473 3751
923e9a13
KC		 3752#ifdef CONFIG_AUDIT
3753 struct lsm_network_audit net;
3754
48c62af6 3755 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
ecfcc53f 3756 smk_ad_setfield_u_net_sk(&ad, other->sk);
923e9a13 3757#endif
b4e0d5f0 3758
2f823ff8
CS		 3759 if (smack_privileged(CAP_MAC_OVERRIDE))
3760 return 0;
b4e0d5f0 3761
21c7eae2
LP		 3762 rc = smk_access(ssp->smk_out, osp->smk_in, MAY_WRITE, &ad);
3763 rc = smk_bu_note("UDS send", ssp->smk_out, osp->smk_in, MAY_WRITE, rc);
d166c802 3764 return rc;
e114e473
CS		 3765}
3766
6d3dc07c
CS		 3767/**
3768 * smack_socket_sendmsg - Smack check based on destination host
3769 * @sock: the socket
251a2a95 3770 * @msg: the message
6d3dc07c
CS		 3771 * @size: the size of the message
3772 *
c6739443
CS		 3773 * Return 0 if the current subject can write to the destination host.
3774 * For IPv4 this is only a question if the destination is a single label host.
3775 * For IPv6 this is a check against the label of the port.
6d3dc07c
CS		 3776 */
3777static int smack_socket_sendmsg(struct socket *sock, struct msghdr *msg,
3778 int size)
3779{
3780 struct sockaddr_in *sip = (struct sockaddr_in *) msg->msg_name;
21abb1ec 3781#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3782 struct sockaddr_in6 *sap = (struct sockaddr_in6 *) msg->msg_name;
21abb1ec
CS		 3783#endif
3784#ifdef SMACK_IPV6_SECMARK_LABELING
33132849 3785 struct socket_smack *ssp = sock->sk->sk_security;
21abb1ec
CS		 3786 struct smack_known *rsp;
3787#endif
c6739443 3788 int rc = 0;
6d3dc07c
CS		 3789
3790 /*
3791 * Perfectly reasonable for this to be NULL
3792 */
c6739443 3793 if (sip == NULL)
6d3dc07c
CS		 3794 return 0;
3795
81bd0d56 3796 switch (sock->sk->sk_family) {
c6739443
CS		 3797 case AF_INET:
3798 rc = smack_netlabel_send(sock->sk, sip);
3799 break;
3800 case AF_INET6:
21abb1ec
CS		 3801#ifdef SMACK_IPV6_SECMARK_LABELING
3802 rsp = smack_ipv6host_label(sap);
3803 if (rsp != NULL)
3804 rc = smk_ipv6_check(ssp->smk_out, rsp, sap,
3805 SMK_CONNECTING);
3806#endif
3807#ifdef SMACK_IPV6_PORT_LABELING
c6739443 3808 rc = smk_ipv6_port_check(sock->sk, sap, SMK_SENDING);
21abb1ec 3809#endif
c6739443
CS		 3810 break;
3811 }
3812 return rc;
6d3dc07c
CS		 3813}
3814
e114e473 3815/**
251a2a95 3816 * smack_from_secattr - Convert a netlabel attr.mls.lvl/attr.mls.cat pair to smack
e114e473 3817 * @sap: netlabel secattr
272cd7a8 3818 * @ssp: socket security information
e114e473 3819 *
2f823ff8 3820 * Returns a pointer to a Smack label entry found on the label list.
e114e473 3821 */
2f823ff8
CS		 3822static struct smack_known *smack_from_secattr(struct netlbl_lsm_secattr *sap,
3823 struct socket_smack *ssp)
e114e473 3824{
2f823ff8 3825 struct smack_known *skp;
f7112e6c 3826 int found = 0;
677264e8
CS		 3827 int acat;
3828 int kcat;
e114e473 3829
6d3dc07c 3830 if ((sap->flags & NETLBL_SECATTR_MLS_LVL) != 0) {
e114e473 3831 /*
6d3dc07c 3832 * Looks like a CIPSO packet.
e114e473
CS		 3833 * If there are flags but no level netlabel isn't
3834 * behaving the way we expect it to.
3835 *
f7112e6c 3836 * Look it up in the label table
e114e473
CS		 3837 * Without guidance regarding the smack value
3838 * for the packet fall back on the network
3839 * ambient value.
3840 */
f7112e6c 3841 rcu_read_lock();
348dc288 3842 list_for_each_entry_rcu(skp, &smack_known_list, list) {
2f823ff8 3843 if (sap->attr.mls.lvl != skp->smk_netlabel.attr.mls.lvl)
f7112e6c 3844 continue;
677264e8
CS		 3845 /*
3846 * Compare the catsets. Use the netlbl APIs.
3847 */
3848 if ((sap->flags & NETLBL_SECATTR_MLS_CAT) == 0) {
3849 if ((skp->smk_netlabel.flags &
3850 NETLBL_SECATTR_MLS_CAT) == 0)
3851 found = 1;
3852 break;
3853 }
3854 for (acat = -1, kcat = -1; acat == kcat; ) {
4fbe63d1
PM		 3855 acat = netlbl_catmap_walk(sap->attr.mls.cat,
3856 acat + 1);
3857 kcat = netlbl_catmap_walk(
677264e8
CS		 3858 skp->smk_netlabel.attr.mls.cat,
3859 kcat + 1);
3860 if (acat < 0 || kcat < 0)
3861 break;
3862 }
3863 if (acat == kcat) {
3864 found = 1;
3865 break;
3866 }
6d3dc07c 3867 }
f7112e6c
CS		 3868 rcu_read_unlock();
3869
3870 if (found)
2f823ff8 3871 return skp;
f7112e6c 3872
54e70ec5 3873 if (ssp != NULL && ssp->smk_in == &smack_known_star)
2f823ff8
CS		 3874 return &smack_known_web;
3875 return &smack_known_star;
e114e473 3876 }
152f91d4 3877 if ((sap->flags & NETLBL_SECATTR_SECID) != 0)
6d3dc07c
CS		 3878 /*
3879 * Looks like a fallback, which gives us a secid.
3880 */
152f91d4 3881 return smack_from_secid(sap->attr.secid);
e114e473 3882 /*
6d3dc07c
CS		 3883 * Without guidance regarding the smack value
3884 * for the packet fall back on the network
3885 * ambient value.
e114e473 3886 */
272cd7a8 3887 return smack_net_ambient;
e114e473
CS		 3888}
3889
69f287ae 3890#if IS_ENABLED(CONFIG_IPV6)
6ea06247 3891static int smk_skb_to_addr_ipv6(struct sk_buff *skb, struct sockaddr_in6 *sip)
c6739443 3892{
c6739443
CS		 3893 u8 nexthdr;
3894 int offset;
3895 int proto = -EINVAL;
3896 struct ipv6hdr _ipv6h;
3897 struct ipv6hdr *ip6;
3898 __be16 frag_off;
3899 struct tcphdr _tcph, *th;
3900 struct udphdr _udph, *uh;
3901 struct dccp_hdr _dccph, *dh;
3902
3903 sip->sin6_port = 0;
3904
3905 offset = skb_network_offset(skb);
3906 ip6 = skb_header_pointer(skb, offset, sizeof(_ipv6h), &_ipv6h);
3907 if (ip6 == NULL)
3908 return -EINVAL;
3909 sip->sin6_addr = ip6->saddr;
3910
3911 nexthdr = ip6->nexthdr;
3912 offset += sizeof(_ipv6h);
3913 offset = ipv6_skip_exthdr(skb, offset, &nexthdr, &frag_off);
3914 if (offset < 0)
3915 return -EINVAL;
3916
3917 proto = nexthdr;
3918 switch (proto) {
3919 case IPPROTO_TCP:
3920 th = skb_header_pointer(skb, offset, sizeof(_tcph), &_tcph);
3921 if (th != NULL)
3922 sip->sin6_port = th->source;
3923 break;
3924 case IPPROTO_UDP:
3925 uh = skb_header_pointer(skb, offset, sizeof(_udph), &_udph);
3926 if (uh != NULL)
3927 sip->sin6_port = uh->source;
3928 break;
3929 case IPPROTO_DCCP:
3930 dh = skb_header_pointer(skb, offset, sizeof(_dccph), &_dccph);
3931 if (dh != NULL)
3932 sip->sin6_port = dh->dccph_sport;
3933 break;
3934 }
3935 return proto;
3936}
69f287ae 3937#endif /* CONFIG_IPV6 */
c6739443 3938
e114e473
CS		 3939/**
3940 * smack_socket_sock_rcv_skb - Smack packet delivery access check
3941 * @sk: socket
3942 * @skb: packet
3943 *
3944 * Returns 0 if the packet should be delivered, an error code otherwise
3945 */
3946static int smack_socket_sock_rcv_skb(struct sock *sk, struct sk_buff *skb)
3947{
3948 struct netlbl_lsm_secattr secattr;
33132849 3949 struct socket_smack *ssp = sk->sk_security;
69f287ae 3950 struct smack_known *skp = NULL;
c6739443 3951 int rc = 0;
ecfcc53f 3952 struct smk_audit_info ad;
923e9a13 3953#ifdef CONFIG_AUDIT
48c62af6 3954 struct lsm_network_audit net;
923e9a13 3955#endif
69f287ae
CS		 3956#if IS_ENABLED(CONFIG_IPV6)
3957 struct sockaddr_in6 sadd;
3958 int proto;
3959#endif /* CONFIG_IPV6 */
3960
c6739443
CS		 3961 switch (sk->sk_family) {
3962 case PF_INET:
69f287ae
CS		 3963#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3964 /*
3965 * If there is a secmark use it rather than the CIPSO label.
3966 * If there is no secmark fall back to CIPSO.
3967 * The secmark is assumed to reflect policy better.
3968 */
3969 if (skb && skb->secmark != 0) {
3970 skp = smack_from_secid(skb->secmark);
3971 goto access_check;
3972 }
3973#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
c6739443
CS		 3974 /*
3975 * Translate what netlabel gave us.
3976 */
3977 netlbl_secattr_init(&secattr);
6d3dc07c 3978
c6739443
CS		 3979 rc = netlbl_skbuff_getattr(skb, sk->sk_family, &secattr);
3980 if (rc == 0)
2f823ff8 3981 skp = smack_from_secattr(&secattr, ssp);
c6739443 3982 else
2f823ff8 3983 skp = smack_net_ambient;
6d3dc07c 3984
c6739443 3985 netlbl_secattr_destroy(&secattr);
6d3dc07c 3986
69f287ae
CS		 3987#ifdef CONFIG_SECURITY_SMACK_NETFILTER
3988access_check:
3989#endif
ecfcc53f 3990#ifdef CONFIG_AUDIT
c6739443
CS		 3991 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
3992 ad.a.u.net->family = sk->sk_family;
3993 ad.a.u.net->netif = skb->skb_iif;
3994 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
ecfcc53f 3995#endif
c6739443
CS		 3996 /*
3997 * Receiving a packet requires that the other end
3998 * be able to write here. Read access is not required.
3999 * This is the simplist possible security model
4000 * for networking.
4001 */
21c7eae2
LP		 4002 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4003 rc = smk_bu_note("IPv4 delivery", skp, ssp->smk_in,
d166c802 4004 MAY_WRITE, rc);
c6739443 4005 if (rc != 0)
a04e71f6 4006 netlbl_skbuff_err(skb, sk->sk_family, rc, 0);
c6739443 4007 break;
69f287ae 4008#if IS_ENABLED(CONFIG_IPV6)
c6739443 4009 case PF_INET6:
69f287ae
CS		 4010 proto = smk_skb_to_addr_ipv6(skb, &sadd);
4011 if (proto != IPPROTO_UDP && proto != IPPROTO_TCP)
4012 break;
21abb1ec 4013#ifdef SMACK_IPV6_SECMARK_LABELING
69f287ae
CS		 4014 if (skb && skb->secmark != 0)
4015 skp = smack_from_secid(skb->secmark);
c6739443 4016 else
21abb1ec
CS		 4017 skp = smack_ipv6host_label(&sadd);
4018 if (skp == NULL)
69f287ae
CS		 4019 skp = smack_net_ambient;
4020#ifdef CONFIG_AUDIT
4021 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4022 ad.a.u.net->family = sk->sk_family;
4023 ad.a.u.net->netif = skb->skb_iif;
4024 ipv6_skb_to_auditdata(skb, &ad.a, NULL);
4025#endif /* CONFIG_AUDIT */
4026 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4027 rc = smk_bu_note("IPv6 delivery", skp, ssp->smk_in,
4028 MAY_WRITE, rc);
21abb1ec
CS		 4029#endif /* SMACK_IPV6_SECMARK_LABELING */
4030#ifdef SMACK_IPV6_PORT_LABELING
69f287ae 4031 rc = smk_ipv6_port_check(sk, &sadd, SMK_RECEIVING);
21abb1ec 4032#endif /* SMACK_IPV6_PORT_LABELING */
c6739443 4033 break;
69f287ae 4034#endif /* CONFIG_IPV6 */
c6739443 4035 }
69f287ae 4036
a8134296 4037 return rc;
e114e473
CS		 4038}
4039
4040/**
4041 * smack_socket_getpeersec_stream - pull in packet label
4042 * @sock: the socket
4043 * @optval: user's destination
4044 * @optlen: size thereof
251a2a95 4045 * @len: max thereof
e114e473
CS		 4046 *
4047 * returns zero on success, an error code otherwise
4048 */
4049static int smack_socket_getpeersec_stream(struct socket *sock,
4050 char __user *optval,
4051 int __user *optlen, unsigned len)
4052{
4053 struct socket_smack *ssp;
272cd7a8
CS		 4054 char *rcp = "";
4055 int slen = 1;
e114e473
CS		 4056 int rc = 0;
4057
33132849 4058 ssp = sock->sk->sk_security;
272cd7a8 4059 if (ssp->smk_packet != NULL) {
54e70ec5 4060 rcp = ssp->smk_packet->smk_known;
272cd7a8
CS		 4061 slen = strlen(rcp) + 1;
4062 }
e114e473
CS		 4063
4064 if (slen > len)
4065 rc = -ERANGE;
272cd7a8 4066 else if (copy_to_user(optval, rcp, slen) != 0)
e114e473
CS		 4067 rc = -EFAULT;
4068
4069 if (put_user(slen, optlen) != 0)
4070 rc = -EFAULT;
4071
4072 return rc;
4073}
4074
4075
4076/**
4077 * smack_socket_getpeersec_dgram - pull in packet label
b4e0d5f0 4078 * @sock: the peer socket
e114e473
CS		 4079 * @skb: packet data
4080 * @secid: pointer to where to put the secid of the packet
4081 *
4082 * Sets the netlabel socket state on sk from parent
4083 */
4084static int smack_socket_getpeersec_dgram(struct socket *sock,
4085 struct sk_buff *skb, u32 *secid)
4086
4087{
4088 struct netlbl_lsm_secattr secattr;
272cd7a8 4089 struct socket_smack *ssp = NULL;
2f823ff8 4090 struct smack_known *skp;
b4e0d5f0
CS		 4091 int family = PF_UNSPEC;
4092 u32 s = 0; /* 0 is the invalid secid */
e114e473
CS		 4093 int rc;
4094
b4e0d5f0
CS		 4095 if (skb != NULL) {
4096 if (skb->protocol == htons(ETH_P_IP))
4097 family = PF_INET;
69f287ae 4098#if IS_ENABLED(CONFIG_IPV6)
b4e0d5f0
CS		 4099 else if (skb->protocol == htons(ETH_P_IPV6))
4100 family = PF_INET6;
69f287ae 4101#endif /* CONFIG_IPV6 */
e114e473 4102 }
b4e0d5f0
CS		 4103 if (family == PF_UNSPEC && sock != NULL)
4104 family = sock->sk->sk_family;
e114e473 4105
69f287ae
CS		 4106 switch (family) {
4107 case PF_UNIX:
33132849 4108 ssp = sock->sk->sk_security;
2f823ff8 4109 s = ssp->smk_out->smk_secid;
69f287ae
CS		 4110 break;
4111 case PF_INET:
4112#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4113 s = skb->secmark;
4114 if (s != 0)
4115 break;
4116#endif
b4e0d5f0
CS		 4117 /*
4118 * Translate what netlabel gave us.
4119 */
272cd7a8 4120 if (sock != NULL && sock->sk != NULL)
33132849 4121 ssp = sock->sk->sk_security;
b4e0d5f0
CS		 4122 netlbl_secattr_init(&secattr);
4123 rc = netlbl_skbuff_getattr(skb, family, &secattr);
4124 if (rc == 0) {
2f823ff8
CS		 4125 skp = smack_from_secattr(&secattr, ssp);
4126 s = skp->smk_secid;
b4e0d5f0
CS		 4127 }
4128 netlbl_secattr_destroy(&secattr);
69f287ae 4129 break;
69f287ae 4130 case PF_INET6:
21abb1ec 4131#ifdef SMACK_IPV6_SECMARK_LABELING
69f287ae 4132 s = skb->secmark;
21abb1ec 4133#endif
69f287ae 4134 break;
b4e0d5f0
CS		 4135 }
4136 *secid = s;
e114e473
CS		 4137 if (s == 0)
4138 return -EINVAL;
e114e473
CS		 4139 return 0;
4140}
4141
4142/**
07feee8f
PM		 4143 * smack_sock_graft - Initialize a newly created socket with an existing sock
4144 * @sk: child sock
4145 * @parent: parent socket
e114e473 4146 *
07feee8f
PM		 4147 * Set the smk_{in,out} state of an existing sock based on the process that
4148 * is creating the new socket.
e114e473
CS		 4149 */
4150static void smack_sock_graft(struct sock *sk, struct socket *parent)
4151{
4152 struct socket_smack *ssp;
2f823ff8 4153 struct smack_known *skp = smk_of_current();
e114e473 4154
07feee8f
PM		 4155 if (sk == NULL ||
4156 (sk->sk_family != PF_INET && sk->sk_family != PF_INET6))
e114e473
CS		 4157 return;
4158
33132849 4159 ssp = sk->sk_security;
54e70ec5 4160 ssp->smk_in = skp;
2f823ff8 4161 ssp->smk_out = skp;
07feee8f 4162 /* cssp->smk_packet is already set in smack_inet_csk_clone() */
e114e473
CS		 4163}
4164
4165/**
4166 * smack_inet_conn_request - Smack access check on connect
4167 * @sk: socket involved
4168 * @skb: packet
4169 * @req: unused
4170 *
4171 * Returns 0 if a task with the packet label could write to
4172 * the socket, otherwise an error code
4173 */
4174static int smack_inet_conn_request(struct sock *sk, struct sk_buff *skb,
4175 struct request_sock *req)
4176{
07feee8f 4177 u16 family = sk->sk_family;
f7112e6c 4178 struct smack_known *skp;
33132849 4179 struct socket_smack *ssp = sk->sk_security;
07feee8f
PM		 4180 struct netlbl_lsm_secattr secattr;
4181 struct sockaddr_in addr;
4182 struct iphdr *hdr;
21c7eae2 4183 struct smack_known *hskp;
e114e473 4184 int rc;
ecfcc53f 4185 struct smk_audit_info ad;
923e9a13 4186#ifdef CONFIG_AUDIT
48c62af6 4187 struct lsm_network_audit net;
923e9a13 4188#endif
e114e473 4189
69f287ae 4190#if IS_ENABLED(CONFIG_IPV6)
c6739443
CS		 4191 if (family == PF_INET6) {
4192 /*
4193 * Handle mapped IPv4 packets arriving
4194 * via IPv6 sockets. Don't set up netlabel
4195 * processing on IPv6.
4196 */
4197 if (skb->protocol == htons(ETH_P_IP))
4198 family = PF_INET;
4199 else
4200 return 0;
4201 }
69f287ae 4202#endif /* CONFIG_IPV6 */
e114e473 4203
7f368ad3
CS		 4204#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4205 /*
4206 * If there is a secmark use it rather than the CIPSO label.
4207 * If there is no secmark fall back to CIPSO.
4208 * The secmark is assumed to reflect policy better.
4209 */
4210 if (skb && skb->secmark != 0) {
4211 skp = smack_from_secid(skb->secmark);
4212 goto access_check;
4213 }
4214#endif /* CONFIG_SECURITY_SMACK_NETFILTER */
4215
07feee8f
PM		 4216 netlbl_secattr_init(&secattr);
4217 rc = netlbl_skbuff_getattr(skb, family, &secattr);
e114e473 4218 if (rc == 0)
2f823ff8 4219 skp = smack_from_secattr(&secattr, ssp);
e114e473 4220 else
2f823ff8 4221 skp = &smack_known_huh;
07feee8f
PM		 4222 netlbl_secattr_destroy(&secattr);
4223
7f368ad3
CS		 4224#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4225access_check:
4226#endif
4227
ecfcc53f 4228#ifdef CONFIG_AUDIT
48c62af6
EP		 4229 smk_ad_init_net(&ad, __func__, LSM_AUDIT_DATA_NET, &net);
4230 ad.a.u.net->family = family;
4231 ad.a.u.net->netif = skb->skb_iif;
ecfcc53f
EB		 4232 ipv4_skb_to_auditdata(skb, &ad.a, NULL);
4233#endif
e114e473 4234 /*
07feee8f
PM		 4235 * Receiving a packet requires that the other end be able to write
4236 * here. Read access is not required.
e114e473 4237 */
21c7eae2
LP		 4238 rc = smk_access(skp, ssp->smk_in, MAY_WRITE, &ad);
4239 rc = smk_bu_note("IPv4 connect", skp, ssp->smk_in, MAY_WRITE, rc);
07feee8f
PM		 4240 if (rc != 0)
4241 return rc;
4242
4243 /*
4244 * Save the peer's label in the request_sock so we can later setup
4245 * smk_packet in the child socket so that SO_PEERCRED can report it.
4246 */
2f823ff8 4247 req->peer_secid = skp->smk_secid;
07feee8f
PM		 4248
4249 /*
4250 * We need to decide if we want to label the incoming connection here
4251 * if we do we only need to label the request_sock and the stack will
25985edc 4252 * propagate the wire-label to the sock when it is created.
07feee8f
PM		 4253 */
4254 hdr = ip_hdr(skb);
4255 addr.sin_addr.s_addr = hdr->saddr;
4256 rcu_read_lock();
21abb1ec 4257 hskp = smack_ipv4host_label(&addr);
f7112e6c
CS		 4258 rcu_read_unlock();
4259
21c7eae2 4260 if (hskp == NULL)
f7112e6c 4261 rc = netlbl_req_setattr(req, &skp->smk_netlabel);
2f823ff8 4262 else
07feee8f 4263 netlbl_req_delattr(req);
e114e473
CS		 4264
4265 return rc;
4266}
4267
07feee8f
PM		 4268/**
4269 * smack_inet_csk_clone - Copy the connection information to the new socket
4270 * @sk: the new socket
4271 * @req: the connection's request_sock
4272 *
4273 * Transfer the connection's peer label to the newly created socket.
4274 */
4275static void smack_inet_csk_clone(struct sock *sk,
4276 const struct request_sock *req)
4277{
33132849 4278 struct socket_smack *ssp = sk->sk_security;
2f823ff8 4279 struct smack_known *skp;
07feee8f 4280
2f823ff8
CS		 4281 if (req->peer_secid != 0) {
4282 skp = smack_from_secid(req->peer_secid);
54e70ec5 4283 ssp->smk_packet = skp;
2f823ff8 4284 } else
272cd7a8 4285 ssp->smk_packet = NULL;
07feee8f
PM		 4286}
4287
e114e473
CS		 4288/*
4289 * Key management security hooks
4290 *
4291 * Casey has not tested key support very heavily.
4292 * The permission check is most likely too restrictive.
4293 * If you care about keys please have a look.
4294 */
4295#ifdef CONFIG_KEYS
4296
4297/**
4298 * smack_key_alloc - Set the key security blob
4299 * @key: object
d84f4f99 4300 * @cred: the credentials to use
e114e473
CS		 4301 * @flags: unused
4302 *
4303 * No allocation required
4304 *
4305 * Returns 0
4306 */
d84f4f99 4307static int smack_key_alloc(struct key *key, const struct cred *cred,
e114e473
CS		 4308 unsigned long flags)
4309{
98738d70 4310 struct smack_known *skp = smk_of_task(smack_cred(cred));
2f823ff8 4311
33132849 4312 key->security = skp;
e114e473
CS		 4313 return 0;
4314}
4315
33132849
JS		 4316/**
4317 * smack_key_free - Clear the key security blob
4318 * @key: the object
4319 *
4320 * Clear the blob pointer
4321 */
4322static void smack_key_free(struct key *key)
4323{
4324 key->security = NULL;
4325}
4326
1a28979b 4327/**
e114e473
CS		 4328 * smack_key_permission - Smack access on a key
4329 * @key_ref: gets to the object
d84f4f99 4330 * @cred: the credentials to use
1a28979b 4331 * @perm: requested key permissions
e114e473
CS		 4332 *
4333 * Return 0 if the task has read and write to the object,
4334 * an error code otherwise
4335 */
4336static int smack_key_permission(key_ref_t key_ref,
f5895943 4337 const struct cred *cred, unsigned perm)
e114e473
CS		 4338{
4339 struct key *keyp;
ecfcc53f 4340 struct smk_audit_info ad;
98738d70 4341 struct smack_known *tkp = smk_of_task(smack_cred(cred));
fffea214 4342 int request = 0;
d166c802 4343 int rc;
e114e473
CS		 4344
4345 keyp = key_ref_to_ptr(key_ref);
4346 if (keyp == NULL)
4347 return -EINVAL;
4348 /*
4349 * If the key hasn't been initialized give it access so that
4350 * it may do so.
4351 */
33132849 4352 if (keyp->security == NULL)
e114e473
CS		 4353 return 0;
4354 /*
4355 * This should not occur
4356 */
2f823ff8 4357 if (tkp == NULL)
e114e473 4358 return -EACCES;
ecfcc53f
EB		 4359#ifdef CONFIG_AUDIT
4360 smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_KEY);
4361 ad.a.u.key_struct.key = keyp->serial;
4362 ad.a.u.key_struct.key_desc = keyp->description;
4363#endif
fffea214
DK		 4364 if (perm & KEY_NEED_READ)
4365 request = MAY_READ;
4366 if (perm & (KEY_NEED_WRITE | KEY_NEED_LINK | KEY_NEED_SETATTR))
4367 request = MAY_WRITE;
33132849
JS		 4368 rc = smk_access(tkp, keyp->security, request, &ad);
4369 rc = smk_bu_note("key access", tkp, keyp->security, request, rc);
d166c802 4370 return rc;
e114e473 4371}
7fc5f36e
JB		 4372
4373/*
4374 * smack_key_getsecurity - Smack label tagging the key
4375 * @key points to the key to be queried
4376 * @_buffer points to a pointer that should be set to point to the
4377 * resulting string (if no label or an error occurs).
4378 * Return the length of the string (including terminating NUL) or -ve if
4379 * an error.
4380 * May also return 0 (and a NULL buffer pointer) if there is no label.
4381 */
4382static int smack_key_getsecurity(struct key *key, char **_buffer)
4383{
33132849 4384 struct smack_known *skp = key->security;
7fc5f36e
JB		 4385 size_t length;
4386 char *copy;
4387
33132849 4388 if (key->security == NULL) {
7fc5f36e
JB		 4389 *_buffer = NULL;
4390 return 0;
4391 }
4392
4393 copy = kstrdup(skp->smk_known, GFP_KERNEL);
4394 if (copy == NULL)
4395 return -ENOMEM;
4396 length = strlen(copy) + 1;
4397
4398 *_buffer = copy;
4399 return length;
4400}
4401
e114e473
CS		 4402#endif /* CONFIG_KEYS */
4403
d20bdda6
AD		 4404/*
4405 * Smack Audit hooks
4406 *
4407 * Audit requires a unique representation of each Smack specific
4408 * rule. This unique representation is used to distinguish the
4409 * object to be audited from remaining kernel objects and also
4410 * works as a glue between the audit hooks.
4411 *
4412 * Since repository entries are added but never deleted, we'll use
4413 * the smack_known label address related to the given audit rule as
4414 * the needed unique representation. This also better fits the smack
4415 * model where nearly everything is a label.
4416 */
4417#ifdef CONFIG_AUDIT
4418
4419/**
4420 * smack_audit_rule_init - Initialize a smack audit rule
4421 * @field: audit rule fields given from user-space (audit.h)
4422 * @op: required testing operator (=, !=, >, <, ...)
4423 * @rulestr: smack label to be audited
4424 * @vrule: pointer to save our own audit rule representation
4425 *
4426 * Prepare to audit cases where (@field @op @rulestr) is true.
4427 * The label to be audited is created if necessay.
4428 */
4429static int smack_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule)
4430{
21c7eae2 4431 struct smack_known *skp;
d20bdda6
AD		 4432 char **rule = (char **)vrule;
4433 *rule = NULL;
4434
4435 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4436 return -EINVAL;
4437
5af75d8d 4438 if (op != Audit_equal && op != Audit_not_equal)
d20bdda6
AD		 4439 return -EINVAL;
4440
21c7eae2 4441 skp = smk_import_entry(rulestr, 0);
e774ad68
LP		 4442 if (IS_ERR(skp))
4443 return PTR_ERR(skp);
4444
4445 *rule = skp->smk_known;
d20bdda6
AD		 4446
4447 return 0;
4448}
4449
4450/**
4451 * smack_audit_rule_known - Distinguish Smack audit rules
4452 * @krule: rule of interest, in Audit kernel representation format
4453 *
4454 * This is used to filter Smack rules from remaining Audit ones.
4455 * If it's proved that this rule belongs to us, the
4456 * audit_rule_match hook will be called to do the final judgement.
4457 */
4458static int smack_audit_rule_known(struct audit_krule *krule)
4459{
4460 struct audit_field *f;
4461 int i;
4462
4463 for (i = 0; i < krule->field_count; i++) {
4464 f = &krule->fields[i];
4465
4466 if (f->type == AUDIT_SUBJ_USER || f->type == AUDIT_OBJ_USER)
4467 return 1;
4468 }
4469
4470 return 0;
4471}
4472
4473/**
4474 * smack_audit_rule_match - Audit given object ?
4475 * @secid: security id for identifying the object to test
4476 * @field: audit rule flags given from user-space
4477 * @op: required testing operator
4478 * @vrule: smack internal rule presentation
4479 * @actx: audit context associated with the check
4480 *
4481 * The core Audit hook. It's used to take the decision of
4482 * whether to audit or not to audit a given object.
4483 */
4484static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
4485 struct audit_context *actx)
4486{
2f823ff8 4487 struct smack_known *skp;
d20bdda6
AD		 4488 char *rule = vrule;
4489
4eb0f4ab
RGB		 4490 if (unlikely(!rule)) {
4491 WARN_ONCE(1, "Smack: missing rule\n");
d20bdda6
AD		 4492 return -ENOENT;
4493 }
4494
4495 if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
4496 return 0;
4497
2f823ff8 4498 skp = smack_from_secid(secid);
d20bdda6
AD		 4499
4500 /*
4501 * No need to do string comparisons. If a match occurs,
4502 * both pointers will point to the same smack_known
4503 * label.
4504 */
5af75d8d 4505 if (op == Audit_equal)
2f823ff8 4506 return (rule == skp->smk_known);
5af75d8d 4507 if (op == Audit_not_equal)
2f823ff8 4508 return (rule != skp->smk_known);
d20bdda6
AD		 4509
4510 return 0;
4511}
4512
491a0b08
CS		 4513/*
4514 * There is no need for a smack_audit_rule_free hook.
d20bdda6
AD		 4515 * No memory was allocated.
4516 */
d20bdda6
AD		 4517
4518#endif /* CONFIG_AUDIT */
4519
746df9b5
DQ		 4520/**
4521 * smack_ismaclabel - check if xattr @name references a smack MAC label
4522 * @name: Full xattr name to check.
4523 */
4524static int smack_ismaclabel(const char *name)
4525{
4526 return (strcmp(name, XATTR_SMACK_SUFFIX) == 0);
4527}
4528
4529
251a2a95 4530/**
e114e473
CS		 4531 * smack_secid_to_secctx - return the smack label for a secid
4532 * @secid: incoming integer
4533 * @secdata: destination
4534 * @seclen: how long it is
4535 *
4536 * Exists for networking code.
4537 */
4538static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
4539{
2f823ff8 4540 struct smack_known *skp = smack_from_secid(secid);
e114e473 4541
d5630b9d 4542 if (secdata)
2f823ff8
CS		 4543 *secdata = skp->smk_known;
4544 *seclen = strlen(skp->smk_known);
e114e473
CS		 4545 return 0;
4546}
4547
251a2a95 4548/**
4bc87e62
CS		 4549 * smack_secctx_to_secid - return the secid for a smack label
4550 * @secdata: smack label
4551 * @seclen: how long result is
4552 * @secid: outgoing integer
4553 *
4554 * Exists for audit and networking code.
4555 */
e52c1764 4556static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
4bc87e62 4557{
21c7eae2
LP		 4558 struct smack_known *skp = smk_find_entry(secdata);
4559
4560 if (skp)
4561 *secid = skp->smk_secid;
4562 else
4563 *secid = 0;
4bc87e62
CS		 4564 return 0;
4565}
4566
491a0b08
CS		 4567/*
4568 * There used to be a smack_release_secctx hook
4569 * that did nothing back when hooks were in a vector.
4570 * Now that there's a list such a hook adds cost.
e114e473 4571 */
e114e473 4572
1ee65e37
DQ		 4573static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
4574{
4575 return smack_inode_setsecurity(inode, XATTR_SMACK_SUFFIX, ctx, ctxlen, 0);
4576}
4577
4578static int smack_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen)
4579{
4580 return __vfs_setxattr_noperm(dentry, XATTR_NAME_SMACK, ctx, ctxlen, 0);
4581}
4582
4583static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
4584{
4585 int len = 0;
4586 len = smack_inode_getsecurity(inode, XATTR_SMACK_SUFFIX, ctx, true);
4587
4588 if (len < 0)
4589 return len;
4590 *ctxlen = len;
4591 return 0;
4592}
4593
98738d70
CS		 4594struct lsm_blob_sizes smack_blob_sizes = {
4595 .lbs_cred = sizeof(struct task_smack),
004c5200 4596 .lbs_file = sizeof(struct smack_known *),
98738d70
CS		 4597};
4598
ca97d939 4599static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
e20b043a
CS		 4600 LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
4601 LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
4602 LSM_HOOK_INIT(syslog, smack_syslog),
4603
4604 LSM_HOOK_INIT(sb_alloc_security, smack_sb_alloc_security),
33132849 4605 LSM_HOOK_INIT(sb_free_security, smack_sb_free_security),
e20b043a
CS		 4606 LSM_HOOK_INIT(sb_copy_data, smack_sb_copy_data),
4607 LSM_HOOK_INIT(sb_kern_mount, smack_sb_kern_mount),
4608 LSM_HOOK_INIT(sb_statfs, smack_sb_statfs),
3bf2789c
VT		 4609 LSM_HOOK_INIT(sb_set_mnt_opts, smack_set_mnt_opts),
4610 LSM_HOOK_INIT(sb_parse_opts_str, smack_parse_opts_str),
e20b043a
CS		 4611
4612 LSM_HOOK_INIT(bprm_set_creds, smack_bprm_set_creds),
4613 LSM_HOOK_INIT(bprm_committing_creds, smack_bprm_committing_creds),
4614 LSM_HOOK_INIT(bprm_secureexec, smack_bprm_secureexec),
4615
4616 LSM_HOOK_INIT(inode_alloc_security, smack_inode_alloc_security),
33132849 4617 LSM_HOOK_INIT(inode_free_security, smack_inode_free_security),
e20b043a
CS		 4618 LSM_HOOK_INIT(inode_init_security, smack_inode_init_security),
4619 LSM_HOOK_INIT(inode_link, smack_inode_link),
4620 LSM_HOOK_INIT(inode_unlink, smack_inode_unlink),
4621 LSM_HOOK_INIT(inode_rmdir, smack_inode_rmdir),
4622 LSM_HOOK_INIT(inode_rename, smack_inode_rename),
4623 LSM_HOOK_INIT(inode_permission, smack_inode_permission),
4624 LSM_HOOK_INIT(inode_setattr, smack_inode_setattr),
4625 LSM_HOOK_INIT(inode_getattr, smack_inode_getattr),
4626 LSM_HOOK_INIT(inode_setxattr, smack_inode_setxattr),
4627 LSM_HOOK_INIT(inode_post_setxattr, smack_inode_post_setxattr),
4628 LSM_HOOK_INIT(inode_getxattr, smack_inode_getxattr),
4629 LSM_HOOK_INIT(inode_removexattr, smack_inode_removexattr),
4630 LSM_HOOK_INIT(inode_getsecurity, smack_inode_getsecurity),
4631 LSM_HOOK_INIT(inode_setsecurity, smack_inode_setsecurity),
4632 LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
4633 LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
4634
e20b043a 4635 LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
e20b043a
CS		 4636 LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
4637 LSM_HOOK_INIT(file_lock, smack_file_lock),
4638 LSM_HOOK_INIT(file_fcntl, smack_file_fcntl),
4639 LSM_HOOK_INIT(mmap_file, smack_mmap_file),
4640 LSM_HOOK_INIT(mmap_addr, cap_mmap_addr),
4641 LSM_HOOK_INIT(file_set_fowner, smack_file_set_fowner),
4642 LSM_HOOK_INIT(file_send_sigiotask, smack_file_send_sigiotask),
4643 LSM_HOOK_INIT(file_receive, smack_file_receive),
4644
4645 LSM_HOOK_INIT(file_open, smack_file_open),
4646
4647 LSM_HOOK_INIT(cred_alloc_blank, smack_cred_alloc_blank),
4648 LSM_HOOK_INIT(cred_free, smack_cred_free),
4649 LSM_HOOK_INIT(cred_prepare, smack_cred_prepare),
4650 LSM_HOOK_INIT(cred_transfer, smack_cred_transfer),
4651 LSM_HOOK_INIT(kernel_act_as, smack_kernel_act_as),
4652 LSM_HOOK_INIT(kernel_create_files_as, smack_kernel_create_files_as),
4653 LSM_HOOK_INIT(task_setpgid, smack_task_setpgid),
4654 LSM_HOOK_INIT(task_getpgid, smack_task_getpgid),
4655 LSM_HOOK_INIT(task_getsid, smack_task_getsid),
4656 LSM_HOOK_INIT(task_getsecid, smack_task_getsecid),
4657 LSM_HOOK_INIT(task_setnice, smack_task_setnice),
4658 LSM_HOOK_INIT(task_setioprio, smack_task_setioprio),
4659 LSM_HOOK_INIT(task_getioprio, smack_task_getioprio),
4660 LSM_HOOK_INIT(task_setscheduler, smack_task_setscheduler),
4661 LSM_HOOK_INIT(task_getscheduler, smack_task_getscheduler),
4662 LSM_HOOK_INIT(task_movememory, smack_task_movememory),
4663 LSM_HOOK_INIT(task_kill, smack_task_kill),
e20b043a
CS		 4664 LSM_HOOK_INIT(task_to_inode, smack_task_to_inode),
4665
4666 LSM_HOOK_INIT(ipc_permission, smack_ipc_permission),
4667 LSM_HOOK_INIT(ipc_getsecid, smack_ipc_getsecid),
4668
4669 LSM_HOOK_INIT(msg_msg_alloc_security, smack_msg_msg_alloc_security),
33132849 4670 LSM_HOOK_INIT(msg_msg_free_security, smack_msg_msg_free_security),
e20b043a
CS		 4671
4672 LSM_HOOK_INIT(msg_queue_alloc_security, smack_msg_queue_alloc_security),
33132849 4673 LSM_HOOK_INIT(msg_queue_free_security, smack_msg_queue_free_security),
e20b043a
CS		 4674 LSM_HOOK_INIT(msg_queue_associate, smack_msg_queue_associate),
4675 LSM_HOOK_INIT(msg_queue_msgctl, smack_msg_queue_msgctl),
4676 LSM_HOOK_INIT(msg_queue_msgsnd, smack_msg_queue_msgsnd),
4677 LSM_HOOK_INIT(msg_queue_msgrcv, smack_msg_queue_msgrcv),
4678
4679 LSM_HOOK_INIT(shm_alloc_security, smack_shm_alloc_security),
33132849 4680 LSM_HOOK_INIT(shm_free_security, smack_shm_free_security),
e20b043a
CS		 4681 LSM_HOOK_INIT(shm_associate, smack_shm_associate),
4682 LSM_HOOK_INIT(shm_shmctl, smack_shm_shmctl),
4683 LSM_HOOK_INIT(shm_shmat, smack_shm_shmat),
4684
4685 LSM_HOOK_INIT(sem_alloc_security, smack_sem_alloc_security),
33132849 4686 LSM_HOOK_INIT(sem_free_security, smack_sem_free_security),
e20b043a
CS		 4687 LSM_HOOK_INIT(sem_associate, smack_sem_associate),
4688 LSM_HOOK_INIT(sem_semctl, smack_sem_semctl),
4689 LSM_HOOK_INIT(sem_semop, smack_sem_semop),
4690
4691 LSM_HOOK_INIT(d_instantiate, smack_d_instantiate),
4692
4693 LSM_HOOK_INIT(getprocattr, smack_getprocattr),
4694 LSM_HOOK_INIT(setprocattr, smack_setprocattr),
4695
4696 LSM_HOOK_INIT(unix_stream_connect, smack_unix_stream_connect),
4697 LSM_HOOK_INIT(unix_may_send, smack_unix_may_send),
4698
4699 LSM_HOOK_INIT(socket_post_create, smack_socket_post_create),
21abb1ec 4700#ifdef SMACK_IPV6_PORT_LABELING
e20b043a 4701 LSM_HOOK_INIT(socket_bind, smack_socket_bind),
21abb1ec 4702#endif
e20b043a
CS		 4703 LSM_HOOK_INIT(socket_connect, smack_socket_connect),
4704 LSM_HOOK_INIT(socket_sendmsg, smack_socket_sendmsg),
4705 LSM_HOOK_INIT(socket_sock_rcv_skb, smack_socket_sock_rcv_skb),
4706 LSM_HOOK_INIT(socket_getpeersec_stream, smack_socket_getpeersec_stream),
4707 LSM_HOOK_INIT(socket_getpeersec_dgram, smack_socket_getpeersec_dgram),
4708 LSM_HOOK_INIT(sk_alloc_security, smack_sk_alloc_security),
4709 LSM_HOOK_INIT(sk_free_security, smack_sk_free_security),
4710 LSM_HOOK_INIT(sock_graft, smack_sock_graft),
4711 LSM_HOOK_INIT(inet_conn_request, smack_inet_conn_request),
4712 LSM_HOOK_INIT(inet_csk_clone, smack_inet_csk_clone),
d20bdda6 4713
e114e473
CS		 4714 /* key management security hooks */
4715#ifdef CONFIG_KEYS
e20b043a 4716 LSM_HOOK_INIT(key_alloc, smack_key_alloc),
33132849 4717 LSM_HOOK_INIT(key_free, smack_key_free),
e20b043a
CS		 4718 LSM_HOOK_INIT(key_permission, smack_key_permission),
4719 LSM_HOOK_INIT(key_getsecurity, smack_key_getsecurity),
e114e473 4720#endif /* CONFIG_KEYS */
d20bdda6
AD		 4721
4722 /* Audit hooks */
4723#ifdef CONFIG_AUDIT
e20b043a
CS		 4724 LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
4725 LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
4726 LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
d20bdda6
AD		 4727#endif /* CONFIG_AUDIT */
4728
e20b043a
CS		 4729 LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
4730 LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
4731 LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
e20b043a
CS		 4732 LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
4733 LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
4734 LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),
e114e473
CS		 4735};
4736
7198e2ee 4737
86812bb0 4738static __init void init_smack_known_list(void)
7198e2ee 4739{
86812bb0
CS		 4740 /*
4741 * Initialize rule list locks
4742 */
4743 mutex_init(&smack_known_huh.smk_rules_lock);
4744 mutex_init(&smack_known_hat.smk_rules_lock);
4745 mutex_init(&smack_known_floor.smk_rules_lock);
4746 mutex_init(&smack_known_star.smk_rules_lock);
86812bb0
CS		 4747 mutex_init(&smack_known_web.smk_rules_lock);
4748 /*
4749 * Initialize rule lists
4750 */
4751 INIT_LIST_HEAD(&smack_known_huh.smk_rules);
4752 INIT_LIST_HEAD(&smack_known_hat.smk_rules);
4753 INIT_LIST_HEAD(&smack_known_star.smk_rules);
4754 INIT_LIST_HEAD(&smack_known_floor.smk_rules);
86812bb0
CS		 4755 INIT_LIST_HEAD(&smack_known_web.smk_rules);
4756 /*
4757 * Create the known labels list
4758 */
4d7cf4a1
TS		 4759 smk_insert_entry(&smack_known_huh);
4760 smk_insert_entry(&smack_known_hat);
4761 smk_insert_entry(&smack_known_star);
4762 smk_insert_entry(&smack_known_floor);
4d7cf4a1 4763 smk_insert_entry(&smack_known_web);
7198e2ee
EB		 4764}
4765
e114e473
CS		 4766/**
4767 * smack_init - initialize the smack system
4768 *
4769 * Returns 0
4770 */
4771static __init int smack_init(void)
4772{
98738d70
CS		 4773 static int finish;
4774 struct cred *cred = (struct cred *) current->cred;
676dac4b 4775 struct task_smack *tsp;
d84f4f99 4776
a3c3cde2
CS		 4777 if (!security_module_enable("smack",
4778 IS_ENABLED(CONFIG_SECURITY_SMACK_STACKED)))
7898e1f8
CS		 4779 return 0;
4780
98738d70
CS		 4781 if (!finish) {
4782 security_add_blobs(&smack_blob_sizes);
4783 finish = 1;
4784 return 0;
4785 }
4786
1a5b472b
R		 4787 smack_inode_cache = KMEM_CACHE(inode_smack, 0);
4788 if (!smack_inode_cache)
4789 return -ENOMEM;
4790
98738d70 4791 lsm_early_cred(cred);
676dac4b 4792
98738d70
CS		 4793 /*
4794 * Set the security state for the initial task.
4795 */
4796 tsp = smack_cred(cred);
4797 init_task_smack(tsp, &smack_known_floor, &smack_known_floor);
4798
4799 /*
4800 * Register with LSM
4801 */
4802 security_add_hooks(smack_hooks, ARRAY_SIZE(smack_hooks), "smack");
d21b7b04
JB		 4803 smack_enabled = 1;
4804
21abb1ec
CS		 4805 pr_info("Smack: Initializing.\n");
4806#ifdef CONFIG_SECURITY_SMACK_NETFILTER
4807 pr_info("Smack: Netfilter enabled.\n");
4808#endif
4809#ifdef SMACK_IPV6_PORT_LABELING
4810 pr_info("Smack: IPv6 port labeling enabled.\n");
4811#endif
4812#ifdef SMACK_IPV6_SECMARK_LABELING
4813 pr_info("Smack: IPv6 Netfilter enabled.\n");
4814#endif
e114e473 4815
86812bb0
CS		 4816 /* initialize the smack_known_list */
4817 init_smack_known_list();
e114e473 4818
e114e473
CS		 4819 return 0;
4820}
4821
4822/*
4823 * Smack requires early initialization in order to label
4824 * all processes and objects when they are created.
4825 */
4826security_initcall(smack_init);
Ubuntu Artful kernel mirror